asyncrat

Resubmissions

11/09/2022, 02:28

220911-cxzvkaefcm 8

10/09/2022, 15:56

220910-tdcdlaach5 10

Sharing

Copy URL

Twitter E-mail

General

Target

TRACK-ORDER#114-85737.bat
Size

65KB
Sample

220910-tdcdlaach5
MD5

44d81d1aecc0e4b0aa0f9ad726a02e99
SHA1

eebf5c17f72ee3a323619f45dd1db9d03a417c37
SHA256

4d634f419ee6d84324dccb8c2bbe3ed583220a676c92b1facf34bc749b4a9712
SHA512

6aff752752bdc92478e336c4e71e6d77ada065a76e255e84070834bcdcca52d296cc22d7f778d1dd1cc859b31716fb5a08325977cda550d2ab5da6d490121cb2
SSDEEP

192:nyj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj/:4

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

saedmad.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  TRACK-ORDER#114-85737.bat
- Size
  
  65KB
- MD5
  
  44d81d1aecc0e4b0aa0f9ad726a02e99
- SHA1
  
  eebf5c17f72ee3a323619f45dd1db9d03a417c37
- SHA256
  
  4d634f419ee6d84324dccb8c2bbe3ed583220a676c92b1facf34bc749b4a9712
- SHA512
  
  6aff752752bdc92478e336c4e71e6d77ada065a76e255e84070834bcdcca52d296cc22d7f778d1dd1cc859b31716fb5a08325977cda550d2ab5da6d490121cb2
- SSDEEP
  
  192:nyj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj5yj/:4
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Blocklisted process makes network request

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2