asyncrat

General

Target

OJ9S1WAN1CF2S2RWQBRB59XGJ617USS1K-2.hta
Size

5KB
Sample

220121-x4gyjsagh2
MD5

ad3e2bc0ec075d18f975ff8b4ea2252c
SHA1

a30f89bf05eb4fa49816aef88fc0d99852abb6ff
SHA256

b942100a431c14ac2f65bff75e5b5ab96d788cc97bc8663062c72e341d862359
SHA512

2ad3a027d39d923ace2a99e7e1cec3179c1eca163885b085d9a7effd02e5db52d1ec104210dbefd8b8683bf70aa298182c87a1bf02fe83ea43b90ac15eed4727

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

asyncmoney.duckdns.org:7829

asyncmoney.duckdns.org:7840

asyncmoney.duckdns.org:7841

asyncmoney.duckdns.org:7842

asyncmoney.duckdns.org:7849

asyncpcc.duckdns.org:7829

asyncpcc.duckdns.org:7840

asyncpcc.duckdns.org:7841

asyncpcc.duckdns.org:7842

asyncpcc.duckdns.org:7849

monedfghsja.duckdns.org:7829

monedfghsja.duckdns.org:7840

monedfghsja.duckdns.org:7841

monedfghsja.duckdns.org:7842

monedfghsja.duckdns.org:7849

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_file
Adobe.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  OJ9S1WAN1CF2S2RWQBRB59XGJ617USS1K-2.hta
- Size
  
  5KB
- MD5
  
  ad3e2bc0ec075d18f975ff8b4ea2252c
- SHA1
  
  a30f89bf05eb4fa49816aef88fc0d99852abb6ff
- SHA256
  
  b942100a431c14ac2f65bff75e5b5ab96d788cc97bc8663062c72e341d862359
- SHA512
  
  2ad3a027d39d923ace2a99e7e1cec3179c1eca163885b085d9a7effd02e5db52d1ec104210dbefd8b8683bf70aa298182c87a1bf02fe83ea43b90ac15eed4727
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2