asyncrat | d2307bde19ff133b993f41dd7d48c602c9e81c7689f4c074a80c99c212c8c7a1 | Triage

Sharing

General

Target

ig.png
Size

291KB
Sample

221206-sch93sgg55
MD5

39d128417e6cbcf1674b832db455120e
SHA1

9935f89ad08a8a2c6a4a6689cdfc32057aafbb33
SHA256

d2307bde19ff133b993f41dd7d48c602c9e81c7689f4c074a80c99c212c8c7a1
SHA512

5c8156827635cbd46744e829295dd2137a5e05860bf57a7e06e413784b64cdb1dffb1e9945b1eb274164461ec45010814748dae8b2dcc9b028b902f9f20169b9
SSDEEP

3072:saYeYvrUvSZezYXgnzD393ApTTbQI8Iv1vZoZWdP:sZeYvrUvNYXgzD393ApTTMIUZWdP

Score

10^/10

asyncrat santos rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Santos

C2

sdf65dsf5df4dfs5555e8.ooguy.com:5001

westernogetobarsbrmng.ooguy.com:5001

Mutex

Santo_785NT

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ig.png
- Size
  
  291KB
- MD5
  
  39d128417e6cbcf1674b832db455120e
- SHA1
  
  9935f89ad08a8a2c6a4a6689cdfc32057aafbb33
- SHA256
  
  d2307bde19ff133b993f41dd7d48c602c9e81c7689f4c074a80c99c212c8c7a1
- SHA512
  
  5c8156827635cbd46744e829295dd2137a5e05860bf57a7e06e413784b64cdb1dffb1e9945b1eb274164461ec45010814748dae8b2dcc9b028b902f9f20169b9
- SSDEEP
  
  3072:saYeYvrUvSZezYXgnzD393ApTTbQI8Iv1vZoZWdP:sZeYvrUvNYXgzD393ApTTMIUZWdP
Score

10^/10

asyncrat santos rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratsantosrat