asyncrat

General

Target

TEST2.ps1
Size

13KB
Sample

211116-sr6c6abdaq
MD5

b89d341ff7d766779f73981e85554e88
SHA1

d2d0125bfd5c4c98ad9e3dfed828d6278eb35a2f
SHA256

206f5a7cd8280a37396db687819a2b8d1f17bb46378260cd60421b047999c2e1
SHA512

c293fbf64ac72af88f13c7b4f8f2712d2ee49d60cd2f9043ac373b03e60faec0789aa2c100f5bd09229f99c882c5e76e7bacacae9d801f8a3ede6d73eaa55f7e

Score

10^/10

asyncrat njrat |------[test)------|rat trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/903998922576519211/909890026442195044/X1.jpg

exe.dropper

https://cdn.discordapp.com/attachments/903998922576519211/909890023644610560/BYBY_1.jpg

Extracted

Family

njrat

Version

v2.0

Botnet

|------[TEST)------|

C2

new.libya2020.com.ly:2020

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  TEST2.ps1
- Size
  
  13KB
- MD5
  
  b89d341ff7d766779f73981e85554e88
- SHA1
  
  d2d0125bfd5c4c98ad9e3dfed828d6278eb35a2f
- SHA256
  
  206f5a7cd8280a37396db687819a2b8d1f17bb46378260cd60421b047999c2e1
- SHA512
  
  c293fbf64ac72af88f13c7b4f8f2712d2ee49d60cd2f9043ac373b03e60faec0789aa2c100f5bd09229f99c882c5e76e7bacacae9d801f8a3ede6d73eaa55f7e
Score

10^/10

asyncrat njrat |------[test)------|rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Async RAT payload

Blocklisted process makes network request

Executes dropped EXE

Drops startup file

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2