asyncrat | 5bfdb3c2a9763232dde5f3fce4646d7688fe1f70598ca94fa13c29a1c7273510 | Triage

Submit
Reports

Overview

overview

Static

static

und_khjckj...ajk.js

windows7-x64

und_khjckj...ajk.js

windows10-2004-x64

Sharing

General

Target

und_khjckjhadkjhajk.js
Size

205KB
Sample

220917-1c8hzaacf3
MD5

1631086ce2efffca6ffab9ae97b8f3ff
SHA1

75ca403dd06a741af86b109c0b720d33c0af4b71
SHA256

5bfdb3c2a9763232dde5f3fce4646d7688fe1f70598ca94fa13c29a1c7273510
SHA512

ced54d2e3d99218e3b3024dce627e495a6f688a41580cd1bfcb14bb9ea5c1614a3516fbb27bac284bc2fd618cd912a859326f3e839ddeceb2ebbe7cab8511254
SSDEEP

1536:bMycn+Pnt5GgJSgMvaUrFSb5ydyjJnmnHcAS1W+8B2PCAfF4CDGMlEzIqyrCAiFO:oyc+HvJSgQfSbnm+16QyCOUhD4PhWICJ

Score

10^/10

asyncrat cobaltstrike backdoor persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

und_khjckjhadkjhajk.js

Resource

win7-20220901-en

asyncrat persistence rat

windows7-x64

6 signatures

1800 seconds

Behavioral task

behavioral2

Sample

und_khjckjhadkjhajk.js

Resource

win10v2004-20220812-en

asyncrat cobaltstrike backdoor persistence rat trojan

windows10-2004-x64

12 signatures

1800 seconds

Malware Config

Targets

- Target
  
  und_khjckjhadkjhajk.js
- Size
  
  205KB
- MD5
  
  1631086ce2efffca6ffab9ae97b8f3ff
- SHA1
  
  75ca403dd06a741af86b109c0b720d33c0af4b71
- SHA256
  
  5bfdb3c2a9763232dde5f3fce4646d7688fe1f70598ca94fa13c29a1c7273510
- SHA512
  
  ced54d2e3d99218e3b3024dce627e495a6f688a41580cd1bfcb14bb9ea5c1614a3516fbb27bac284bc2fd618cd912a859326f3e839ddeceb2ebbe7cab8511254
- SSDEEP
  
  1536:bMycn+Pnt5GgJSgMvaUrFSb5ydyjJnmnHcAS1W+8B2PCAfF4CDGMlEzIqyrCAiFO:oyc+HvJSgQfSbnm+16QyCOUhD4PhWICJ
Score

10^/10

asyncrat persistence rat cobaltstrike backdoor trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratpersistencerat

behavioral2

asyncratcobaltstrikebackdoorpersistencerattrojan

© 2018-2025

Terms | Privacy