asyncrat | 146ff96668acfa0b36d30bab42321a2cdeccfa9714c8e1cc832741ff1d5c5d84 | Triage

Submit
Reports

Overview

overview

Static

static

Confirmati...562.js

windows7-x64

Confirmati...562.js

windows10-2004-x64

Sharing

General

Target

Confirmation transfer MT103 copy Ref010102562.js
Size

93KB
Sample

221010-jcdj6abcbq
MD5

bf0318f06d90661b7e6a8a4465cef37c
SHA1

848359829b1969522d00a72119d3a2d59ac891f2
SHA256

146ff96668acfa0b36d30bab42321a2cdeccfa9714c8e1cc832741ff1d5c5d84
SHA512

0fc0243d146c2afcdfbc94d439d12a2b18ef9f1d348ef0dee03d6b46fa4435178ae726b35fa6811f37a4453edafd85fc2374c33d723120862be109816f65ab0d
SSDEEP

1536:JUkTxiUoAcTzClzG6JhZgLQZNSZ+ufVkx1JknLYZZh/Myw3IY/p+/:GAcCpdeQZNW2kkJ/Ank/

Score

10^/10

asyncrat vjw0rm default rat trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

Confirmation transfer MT103 copy Ref010102562.js

Resource

win7-20220812-en

asyncrat vjw0rm default rat trojan worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Confirmation transfer MT103 copy Ref010102562.js

Resource

win10v2004-20220812-en

asyncrat vjw0rm default rat trojan worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

fresh02.ddns.net:2245

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
logs.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Confirmation transfer MT103 copy Ref010102562.js
- Size
  
  93KB
- MD5
  
  bf0318f06d90661b7e6a8a4465cef37c
- SHA1
  
  848359829b1969522d00a72119d3a2d59ac891f2
- SHA256
  
  146ff96668acfa0b36d30bab42321a2cdeccfa9714c8e1cc832741ff1d5c5d84
- SHA512
  
  0fc0243d146c2afcdfbc94d439d12a2b18ef9f1d348ef0dee03d6b46fa4435178ae726b35fa6811f37a4453edafd85fc2374c33d723120862be109816f65ab0d
- SSDEEP
  
  1536:JUkTxiUoAcTzClzG6JhZgLQZNSZ+ufVkx1JknLYZZh/Myw3IY/p+/:GAcCpdeQZNW2kkJ/Ank/
Score

10^/10

asyncrat vjw0rm default rat trojan worm
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

asyncratvjw0rmdefaultrattrojanworm

behavioral2

asyncratvjw0rmdefaultrattrojanworm

© 2018-2024

Terms | Privacy