asyncrat | 6224a7c89983e47390bad704d603217393ae159e59909987b5097cbd3590b700 | Triage

Submit
Reports

Overview

overview

Static

static

Invoice.vbs

windows10_x64

Sharing

General

Target

Invoice.vbs
Size

32KB
Sample

220113-xkap5acbel
MD5

19c6520ed056e9dec48778a3e3d4203d
SHA1

56111103ba9c4683f5726bd1b6d08ef6b94843cb
SHA256

6224a7c89983e47390bad704d603217393ae159e59909987b5097cbd3590b700
SHA512

30d1417ff0fde0b191c026568ae33cb52eb3fe7e7a7a36f5687e80e2f8202896e2f7987ab6fdcc998a32c15aa9a5eaaa06aa9f32979b11e52a8fae376e6b942e

Score

10^/10

asyncrat office365 rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

Invoice.vbs

Resource

win10-en-20211208

asyncrat office365 rat suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Office365

C2

null:null

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/ySTxwDDK

aes.plain

Targets

- Target
  
  Invoice.vbs
- Size
  
  32KB
- MD5
  
  19c6520ed056e9dec48778a3e3d4203d
- SHA1
  
  56111103ba9c4683f5726bd1b6d08ef6b94843cb
- SHA256
  
  6224a7c89983e47390bad704d603217393ae159e59909987b5097cbd3590b700
- SHA512
  
  30d1417ff0fde0b191c026568ae33cb52eb3fe7e7a7a36f5687e80e2f8202896e2f7987ab6fdcc998a32c15aa9a5eaaa06aa9f32979b11e52a8fae376e6b942e
Score

10^/10

asyncrat office365 rat suricata
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  suricata
- Async RAT payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratoffice365ratsuricata

© 2018-2024

Terms | Privacy