asyncrat | 967732005fae1af8d9aafa76ca12dac96bdfe52e79e7985e0d963511092dbeb9 | Triage

Submit
Reports

Overview

overview

Static

static

Bill-ID0574.bat

windows7-x64

8

Bill-ID0574.bat

windows10-2004-x64

Sharing

General

Target

Bill-ID0574.bat
Size

658KB
Sample

220923-ymjaqabcap
MD5

cf5a56fd49fe38a0cb1addfd6943513b
SHA1

a55f86ae35746befb2d20b2572dbda734a8420e8
SHA256

967732005fae1af8d9aafa76ca12dac96bdfe52e79e7985e0d963511092dbeb9
SHA512

170f977cb9bb8c20a282f42ffb14c3b529121ad24b4ad798637a2e6388966068617a83602f0f69c79c7ce222b236bce121628adcf840f2a7e25095d6b2800613
SSDEEP

192:CSPrQNPXMPLi1ouqn11jSwXqtj2enRwX+:3N+qu

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

Bill-ID0574.bat

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bill-ID0574.bat

Resource

win10v2004-20220812-en

asyncrat default rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

195.178.120.137:6071

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Bill-ID0574.bat
- Size
  
  658KB
- MD5
  
  cf5a56fd49fe38a0cb1addfd6943513b
- SHA1
  
  a55f86ae35746befb2d20b2572dbda734a8420e8
- SHA256
  
  967732005fae1af8d9aafa76ca12dac96bdfe52e79e7985e0d963511092dbeb9
- SHA512
  
  170f977cb9bb8c20a282f42ffb14c3b529121ad24b4ad798637a2e6388966068617a83602f0f69c79c7ce222b236bce121628adcf840f2a7e25095d6b2800613
- SSDEEP
  
  192:CSPrQNPXMPLi1ouqn11jSwXqtj2enRwX+:3N+qu
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

© 2018-2024

Terms | Privacy