asyncrat | 2f36f1a117071a9097c1ec0fff17772a029594500d6706f470899168d3b595f8 | Triage

Submit
Reports

Overview

overview

Static

static

Report Details.vbs

windows7_x64

Report Details.vbs

windows10-2004_x64

Sharing

General

Target

Report Details.vbs
Size

11KB
Sample

220329-q496rsede2
MD5

319b813ad02fdd9cb8bbdec00c3774cc
SHA1

e00f63367d4ee49d84ac05059f67e74351eb73e2
SHA256

2f36f1a117071a9097c1ec0fff17772a029594500d6706f470899168d3b595f8
SHA512

7583ba7a8f5fc126f7d73fc9c69210f4c85329af2e63d95d062fc59158f905e859a2714784b72fd235dae45f4d78fb3b17c22b6ce758377dea50b777965ab328

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

Report Details.vbs

Resource

win7-20220310-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Report Details.vbs

Resource

win10v2004-20220310-en

asyncrat default rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://paste.ee/r/CTMue/0

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

rick63.publicvm.com:5900

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Report Details.vbs
- Size
  
  11KB
- MD5
  
  319b813ad02fdd9cb8bbdec00c3774cc
- SHA1
  
  e00f63367d4ee49d84ac05059f67e74351eb73e2
- SHA256
  
  2f36f1a117071a9097c1ec0fff17772a029594500d6706f470899168d3b595f8
- SHA512
  
  7583ba7a8f5fc126f7d73fc9c69210f4c85329af2e63d95d062fc59158f905e859a2714784b72fd235dae45f4d78fb3b17c22b6ce758377dea50b777965ab328
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy