asyncrat | 7ce24a33f4c22348ea1da16e5d04ac7936b8488a48371673343754e586069faf | Triage

Sharing

General

Target

KELCYML94182.vbs
Size

820B
Sample

220226-3tkjksbeb9
MD5

876924f6b4fe731b83fdd100bbf26cc2
SHA1

411d8886c79f7acfb50663234b67f22f5bc48cdd
SHA256

7ce24a33f4c22348ea1da16e5d04ac7936b8488a48371673343754e586069faf
SHA512

f0173ca14f0066a458946484cd2be6126c70ac3ce1c221d3265e76b89dc38ae9285732539a97315664c20c199403f7bd9135b05f136f030bbdf8a090c690c543

Score

10^/10

asyncrat zain-work-new rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://sikabid.com/.Final2.txt

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

ZAIN-WORK-NEW

C2

pop5.ddns.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

anti_vm
false
bsod
false
delay
3
install
false
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  KELCYML94182.vbs
- Size
  
  820B
- MD5
  
  876924f6b4fe731b83fdd100bbf26cc2
- SHA1
  
  411d8886c79f7acfb50663234b67f22f5bc48cdd
- SHA256
  
  7ce24a33f4c22348ea1da16e5d04ac7936b8488a48371673343754e586069faf
- SHA512
  
  f0173ca14f0066a458946484cd2be6126c70ac3ce1c221d3265e76b89dc38ae9285732539a97315664c20c199403f7bd9135b05f136f030bbdf8a090c690c543
Score

10^/10

asyncrat zain-work-new rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratzain-work-newrat