asyncrat | 19cdcf460fdca1e5935eb3ba7f428172007bfe5c23c4a95aec10e1f40786d472 | Triage

Submit
Reports

Overview

overview

Static

static

RR807010335LL.bat

windows7-x64

8

RR807010335LL.bat

windows10-2004-x64

Sharing

General

Target

RR807010335LL.bat
Size

8KB
Sample

220918-waf9gsfdhm
MD5

ac349bc7579eea3d10b3ca44cad8a3bb
SHA1

cecbc870f429664b51d246a189892bbb8d8fc3b7
SHA256

19cdcf460fdca1e5935eb3ba7f428172007bfe5c23c4a95aec10e1f40786d472
SHA512

2232d3716d918775a50df02a3211863a889516e4212292bf7deb82dfdee2a883336d199e52e3586a230b3db449cf2c3944691878314c4cd75ef46c111c6660d2
SSDEEP

192:lSJcJlJTJCJrJlJjJmJlJzJp9JDJCJmJjczJNJrJ5YNJBJNDJ8JZZE/:YJcJlJTJCJrJlJjJmJlJzJp9JDJCJmJz

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

RR807010335LL.bat

Resource

win7-20220812-en

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

RR807010335LL.bat

Resource

win10v2004-20220901-en

asyncrat default rat

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

superfaster1.is-found.org:5020

Mutex

AsyncMutex_ziad

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RR807010335LL.bat
- Size
  
  8KB
- MD5
  
  ac349bc7579eea3d10b3ca44cad8a3bb
- SHA1
  
  cecbc870f429664b51d246a189892bbb8d8fc3b7
- SHA256
  
  19cdcf460fdca1e5935eb3ba7f428172007bfe5c23c4a95aec10e1f40786d472
- SHA512
  
  2232d3716d918775a50df02a3211863a889516e4212292bf7deb82dfdee2a883336d199e52e3586a230b3db449cf2c3944691878314c4cd75ef46c111c6660d2
- SSDEEP
  
  192:lSJcJlJTJCJrJlJjJmJlJzJp9JDJCJmJjczJNJrJ5YNJBJNDJ8JZZE/:YJcJlJTJCJrJlJjJmJlJzJp9JDJCJmJz
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy