asyncrat

General

Target

V00GH01_Invoice_Copy.vbs
Size

3KB
Sample

210913-z4gc5ahdhq
MD5

f0eb4b843b026d5d100f69d47c2f576e
SHA1

f29356a70659a502ef8eea82fef2cc05e92d80fd
SHA256

c083348abc25e7c20eed06e9ceddd94af7b4787ea22dbca312d4b9e8504cf882
SHA512

57165f90091e183b248dc0cb8f7a8ca8dffa68818b4bbc045e7128ed13326c71e94de1111daefcd6875438afe3b2b765d51195ea1e3a0f8e986c74956f00c801

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://52.188.147.221/All%20in%20One/fj.txt

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

jilldoggyy.duckdns.org:7840

jilldoggyy.duckdns.org:7829

jilldoggyy.duckdns.org:7841

103.147.185.192:7840

103.147.185.192:7829

103.147.185.192:7841

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

20.194.35.6:8023

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  V00GH01_Invoice_Copy.vbs
- Size
  
  3KB
- MD5
  
  f0eb4b843b026d5d100f69d47c2f576e
- SHA1
  
  f29356a70659a502ef8eea82fef2cc05e92d80fd
- SHA256
  
  c083348abc25e7c20eed06e9ceddd94af7b4787ea22dbca312d4b9e8504cf882
- SHA512
  
  57165f90091e183b248dc0cb8f7a8ca8dffa68818b4bbc045e7128ed13326c71e94de1111daefcd6875438afe3b2b765d51195ea1e3a0f8e986c74956f00c801
Score

10^/10

asyncrat njrat default hacked rat suricata trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

njRAT/Bladabindi

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

Async RAT payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2