Overview

overview

10

Static

static

eJOkxSjGrIAsync.js

windows7_x64

10

eJOkxSjGrIAsync.js

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eJOkxSjGrIAsync.js

  • Size

    93KB

  • Sample

    220627-pq62hsbbal

  • MD5

    5f4cbf087832aeb798ab6b7bc6e7ca5f

  • SHA1

    881ea13605e3286c0752d17eceb58685f50679ad

  • SHA256

    b493208184fa838892417ca6066061856a0aa98c798573bc7a8dcc61327d81a9

  • SHA512

    aedef885e00679103fb28fcc6d7f51fbd28c5686168f67dce9556976704493323764ef6318de97c77bc61d20d39ac828ba0d52dd982368e97c4cdc31eea7d207

Score
10/10
asyncratvjw0rmdefaultpersistenceratsuricatatrojanworm

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

104.168.33.53:6606

104.168.33.53:7707

104.168.33.53:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      eJOkxSjGrIAsync.js

    • Size

      93KB

    • MD5

      5f4cbf087832aeb798ab6b7bc6e7ca5f

    • SHA1

      881ea13605e3286c0752d17eceb58685f50679ad

    • SHA256

      b493208184fa838892417ca6066061856a0aa98c798573bc7a8dcc61327d81a9

    • SHA512

      aedef885e00679103fb28fcc6d7f51fbd28c5686168f67dce9556976704493323764ef6318de97c77bc61d20d39ac828ba0d52dd982368e97c4cdc31eea7d207

    Score
    10/10
    asyncratvjw0rmdefaultpersistenceratsuricatatrojanworm

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks