General

  • Target

    RS0517010156Y.bat

  • Size

    8KB

  • Sample

    220923-yj9y9shge2

  • MD5

    c395f784569f67d75c18d71bfb456de5

  • SHA1

    6fea746cfd8e1c06633a01358c0e216c9b18408a

  • SHA256

    29ee5ddb52cac1c7be2d68471f62f45c93bcc85d9ac20e27ccc4cacca05e893f

  • SHA512

    10594ccd7e3f3d8fd2d6b36c71dd4b6da4f799407d3a3e6611546861c75ee916342d2d1dc2621b3bf83e3b914952a74cca308a89cc79e9e04d0621106d74167f

  • SSDEEP

    192:lJTXeBTXeoTXe2TXe/TXeqTXeoTXeyTXefTXeoTXeSTXetTXeU1TXevTXeF1TXeV:7X4XRXlXGX/XRXNXWXRXBX2XXXGXsX9K

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

superfaster1.is-found.org:5020

Mutex

AsyncMutex_ziad

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Discovery

    Query Registry (1) T1012

    System Information Discovery (2) T1082

Tasks