asyncrat | 112f2f582654691ec17bd5dade694cca5d2447c53c9d6b3a668611907ceb1d52 | Triage

Sharing

General

Target

import.ps1
Size

7.7MB
Sample

221211-rac5lsgh92
MD5

aeeb7afa26cff3fff16e54c677056b73
SHA1

28b0befdbfa2a3fc66b328756c7c6ac636336ec2
SHA256

112f2f582654691ec17bd5dade694cca5d2447c53c9d6b3a668611907ceb1d52
SHA512

8d51343705aa0bf078159acf5161356a7ea25fc5b134f86220de46728a4bb089c1667267480dbc314a121cb0180007cd6e9c451966f28d381347fffa74ae762d
SSDEEP

24576:cfn0m/OPb9o/Ha4KZZQLFq487s/0H+VXQ5qDrtj6Bnoi4LD2/Qy4IyQr+KJn04vE:w

Score

10^/10

asyncrat default evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

antivirus-ssl.myiphost.com:195

Mutex

AsyncMutex_6SI8OkLrx

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  import.ps1
- Size
  
  7.7MB
- MD5
  
  aeeb7afa26cff3fff16e54c677056b73
- SHA1
  
  28b0befdbfa2a3fc66b328756c7c6ac636336ec2
- SHA256
  
  112f2f582654691ec17bd5dade694cca5d2447c53c9d6b3a668611907ceb1d52
- SHA512
  
  8d51343705aa0bf078159acf5161356a7ea25fc5b134f86220de46728a4bb089c1667267480dbc314a121cb0180007cd6e9c451966f28d381347fffa74ae762d
- SSDEEP
  
  24576:cfn0m/OPb9o/Ha4KZZQLFq487s/0H+VXQ5qDrtj6Bnoi4LD2/Qy4IyQr+KJn04vE:w
Score

10^/10

evasion trojan asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- UAC bypass
  evasion trojan
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultevasionrattrojan