asyncrat

General

Target

TWEASOPKSA_002_PDF.vbs
Size

238KB
Sample

220922-vtwylscae2
MD5

b757fcf7a0df8528178bf586a3d718ae
SHA1

65394437dbbc8405b0a4b5c5e87bd1668f644d09
SHA256

84f101fd1efbadf4f287849ae8dc6f09729f1741143b7465a4233599b9865624
SHA512

908a583130bec368503d3a5ca62b7432d45910bc9adabd96da5310e38d5691a2c9bb9f71114c8a1270bf133d5324dec0afa819817fc85768d6c5cecaa9340119
SSDEEP

48:sK0mjzlXJj5NzzBWsoMtssbs0Qs+PM/sq6OkZ9s3XEHDzzAA:sKDF9n0JMtswebE0DAsDoA

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://contadoreshbc.com/dll_startup

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

ehjay2022.duckdns.org:6739

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  TWEASOPKSA_002_PDF.vbs
- Size
  
  238KB
- MD5
  
  b757fcf7a0df8528178bf586a3d718ae
- SHA1
  
  65394437dbbc8405b0a4b5c5e87bd1668f644d09
- SHA256
  
  84f101fd1efbadf4f287849ae8dc6f09729f1741143b7465a4233599b9865624
- SHA512
  
  908a583130bec368503d3a5ca62b7432d45910bc9adabd96da5310e38d5691a2c9bb9f71114c8a1270bf133d5324dec0afa819817fc85768d6c5cecaa9340119
- SSDEEP
  
  48:sK0mjzlXJj5NzzBWsoMtssbs0Qs+PM/sq6OkZ9s3XEHDzzAA:sKDF9n0JMtswebE0DAsDoA
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Async RAT payload

Blocklisted process makes network request

Checks computer location settings

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2