asyncrat | e05a116bf80f3d77481a9962caa9d0d8544f287dfd6b6c865054e8ea9c9f6826 | Triage

Sharing

General

Target

Good.ps1
Size

1KB
Sample

220926-y3tfmadaen
MD5

f352e9ea5b48e556410878e8204434f5
SHA1

3e6be512bdf272021faf840ce76d149631c322f5
SHA256

e05a116bf80f3d77481a9962caa9d0d8544f287dfd6b6c865054e8ea9c9f6826
SHA512

8d08c60a887dec659abfae2f10fadb426640d3e3a56394b18b382dd0c43759c6dd7504f6fe17a720cd7c412bf6f97ae8f9fb0940ee11b3a64891446218444b21

Score

10^/10

asyncrat default evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

worldpassed.publicvm.com:199

Mutex

AsyncMutex_6SI8OkBrC

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Good.ps1
- Size
  
  1KB
- MD5
  
  f352e9ea5b48e556410878e8204434f5
- SHA1
  
  3e6be512bdf272021faf840ce76d149631c322f5
- SHA256
  
  e05a116bf80f3d77481a9962caa9d0d8544f287dfd6b6c865054e8ea9c9f6826
- SHA512
  
  8d08c60a887dec659abfae2f10fadb426640d3e3a56394b18b382dd0c43759c6dd7504f6fe17a720cd7c412bf6f97ae8f9fb0940ee11b3a64891446218444b21
Score

10^/10

asyncrat default evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- UAC bypass
  evasion trojan
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultevasionrattrojan