asyncrat | e960b61bb463dcd9b5b931fefdb5098311187e1a67543b682785c968a7f59567 | Triage

Submit
Reports

Overview

overview

Static

static

Statement-...25.bat

windows7-x64

8

Statement-...25.bat

windows10-2004-x64

Sharing

General

Target

Statement-N-2565325.bat
Size

61KB
Sample

220921-q6pmvagdf6
MD5

ab6cc2b98ec1b429d13a402f543433bd
SHA1

9b5f9efdfc21ff4a383444a12776a5b587a1c691
SHA256

e960b61bb463dcd9b5b931fefdb5098311187e1a67543b682785c968a7f59567
SHA512

ff3e35922fa4c8b8c311e087a912a15d84f99aa0615371e31fcf567d7d3c0a1e621afba96f53d8aa6432de349a4bcfaac233b061aaf829c63aff4da896f08d70
SSDEEP

96:Q2I202I2b2u202I2r202c2dGR7F2G2T2922gv2W2k2lQ2D2WX2J212J2JGR7Wgvd:aguQ2hW2Dgvd

Score

10^/10

asyncrat max rat

Static task

static1

Behavioral task

behavioral1

Sample

Statement-N-2565325.bat

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Statement-N-2565325.bat

Resource

win10v2004-20220812-en

asyncrat max rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

mAx

C2

ceda7x.vip:6666

Mutex

AsyncMutex_ff

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Statement-N-2565325.bat
- Size
  
  61KB
- MD5
  
  ab6cc2b98ec1b429d13a402f543433bd
- SHA1
  
  9b5f9efdfc21ff4a383444a12776a5b587a1c691
- SHA256
  
  e960b61bb463dcd9b5b931fefdb5098311187e1a67543b682785c968a7f59567
- SHA512
  
  ff3e35922fa4c8b8c311e087a912a15d84f99aa0615371e31fcf567d7d3c0a1e621afba96f53d8aa6432de349a4bcfaac233b061aaf829c63aff4da896f08d70
- SSDEEP
  
  96:Q2I202I2b2u202I2r202c2dGR7F2G2T2922gv2W2k2lQ2D2WX2J212J2JGR7Wgvd:aguQ2hW2Dgvd
Score

10^/10

asyncrat max rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy