Description
AsyncRAT is designed to remotely monitor and control other computers.
General
Target
Size
Sample
stuff.ps1
188KB
220413-2l9m3afhgl
Score
10/10
MD5
SHA1
SHA256
SHA512
8254ae9b0d6365640abaf15d2d74a4ab
072d72634d8ddfe16e8065822797d61e8f2cf6a1
4c4940488f9f3281b8cf4e88d400d4b18285addc198021cbc7dc990b4ab10aa7
c84f06d269a0abfb5cff67a08b191468d7ba094830c994743e4f759eb6aba4d23de3f7290bd9cc2991ba01eca8c298734fe38397313f751456c111b72986f247
Malware Config
Extracted
| Family | asyncrat |
| Version | 0.5.7B |
| Botnet | 1 |
| C2 |
anderione.com:5252 |
| Attributes |
delay 3
install false
install_folder %AppData% |
| aes.plain |
|
Targets
Target
MD5
Filesize
stuff.ps1
8254ae9b0d6365640abaf15d2d74a4ab
188KB
Score
10/10
SHA1
SHA256
SHA512
072d72634d8ddfe16e8065822797d61e8f2cf6a1
4c4940488f9f3281b8cf4e88d400d4b18285addc198021cbc7dc990b4ab10aa7
c84f06d269a0abfb5cff67a08b191468d7ba094830c994743e4f759eb6aba4d23de3f7290bd9cc2991ba01eca8c298734fe38397313f751456c111b72986f247
Tags
Signatures
-
AsyncRat
-
Process spawned unexpected child process
Description
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Description
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Tags
-
Async RAT payload
Tags
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10