asyncrat

General

Target

update.ps1
Size

376KB
Sample

220705-pxa8eshcdp
MD5

77f36fa17a3be2cce1b5211ce3f00c9d
SHA1

bf73e8773a0e2da68815d092dc53c89572117fb8
SHA256

1670572dbb748d82d05e91298564847dbda33749d8721537601457194abd7569
SHA512

f77a3a3c9711543cb3a833bdba4916bbdcd20fa82a8488ffaddadf6d5b0d03b31b9fdac7c7651708ba787c7bf15d9f03c52f913d1f7e6f65b75a27100ccaf74f

Score

10^/10

asyncrat #_avast_#rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

#_AVAST_#

C2

cdtpitbull.hopto.org:7707

cdtpitbull.hopto.org:4404

cdtpitbull.hopto.org:5505

cdtpitbull.hopto.org:3303

cdtpitbull.hopto.org:2222

cdtpitbull.hopto.org:6606

cdtpitbull.hopto.org:8808

cdtpitbull.hopto.org:5155

cdtpitbull.hopto.org:5122

cdtpitbull.hopto.org:8001

cdtpitbull.hopto.org:9000

cdtpitbull.hopto.org:9999

cdtpitbull.hopto.org:8888

chromedata.accesscam.org:7707

chromedata.accesscam.org:4404

chromedata.accesscam.org:5505

chromedata.accesscam.org:3303

chromedata.accesscam.org:2222

chromedata.accesscam.org:6606

chromedata.accesscam.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
DesbravadorUpdata.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  update.ps1
- Size
  
  376KB
- MD5
  
  77f36fa17a3be2cce1b5211ce3f00c9d
- SHA1
  
  bf73e8773a0e2da68815d092dc53c89572117fb8
- SHA256
  
  1670572dbb748d82d05e91298564847dbda33749d8721537601457194abd7569
- SHA512
  
  f77a3a3c9711543cb3a833bdba4916bbdcd20fa82a8488ffaddadf6d5b0d03b31b9fdac7c7651708ba787c7bf15d9f03c52f913d1f7e6f65b75a27100ccaf74f
Score

10^/10

asyncrat #_avast_#rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2