asyncrat | d2924b0d5315ff62dec0546d2f8a3b29cc7469ac8f7f7421723d385cd5a8756a | Triage

Sharing

General

Target

h.png
Size

254KB
Sample

221206-sehrbsgh92
MD5

ede6cd34749899b3315b0c7657bd35d1
SHA1

c57e4fa620815c6049b271ca6400c22ad499547a
SHA256

d2924b0d5315ff62dec0546d2f8a3b29cc7469ac8f7f7421723d385cd5a8756a
SHA512

a3b337ebd870472c81e3500c1bf651563e67db8b370cdd557c8dd9968530ac0c04cb04c2ac121413f440b6a4133c796d7b2024b8e71a789edaa57e469a7f4521
SSDEEP

3072:zaYePSGUCQnJzD3k3ApRMOheOdniETnkhYbZWdw:zZePNQJzD3k3ApRM+eOdni2rZWdw

Score

10^/10

asyncrat error_95802ag rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Error_95802AG

C2

sdf65dsf5df4dfs5555e8.ooguy.com:5001

westernogetobarsbrmng.ooguy.com:5001

Mutex

Error_589ERD5V

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  h.png
- Size
  
  254KB
- MD5
  
  ede6cd34749899b3315b0c7657bd35d1
- SHA1
  
  c57e4fa620815c6049b271ca6400c22ad499547a
- SHA256
  
  d2924b0d5315ff62dec0546d2f8a3b29cc7469ac8f7f7421723d385cd5a8756a
- SHA512
  
  a3b337ebd870472c81e3500c1bf651563e67db8b370cdd557c8dd9968530ac0c04cb04c2ac121413f440b6a4133c796d7b2024b8e71a789edaa57e469a7f4521
- SSDEEP
  
  3072:zaYePSGUCQnJzD3k3ApRMOheOdniETnkhYbZWdw:zZePNQJzD3k3ApRM+eOdni2rZWdw
Score

10^/10

asyncrat error_95802ag rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncraterror_95802agrat