asyncrat | b1b279e81410d415a097e9cab59aa3a04728adf62095c99d1aee345b124d4b49 | Triage

Sharing

General

Target

img.jpg.ps1
Size

771KB
Sample

221216-h13nhshb2y
MD5

5ac2d245025afdd32eb83ee07c5eac2c
SHA1

2d7afe2482c8b00f64a3c06f1991e9d31e5e4992
SHA256

b1b279e81410d415a097e9cab59aa3a04728adf62095c99d1aee345b124d4b49
SHA512

f27af8054d6898da00de2b999cb421f26307d46f6b64c041d617b84b7012cec872e7f827f0befe71464e2ee0644d606a20cf231bbab52de9af78b806778f00e3
SSDEEP

3072:DWYU4444d444444444444444g44444444444444444K44444444444444449444a:D1/QImq4sn+kdnuzDT03ApT

Score

10^/10

asyncrat x rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

x

C2

jok7oda.publicvm.com:7777

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  img.jpg.ps1
- Size
  
  771KB
- MD5
  
  5ac2d245025afdd32eb83ee07c5eac2c
- SHA1
  
  2d7afe2482c8b00f64a3c06f1991e9d31e5e4992
- SHA256
  
  b1b279e81410d415a097e9cab59aa3a04728adf62095c99d1aee345b124d4b49
- SHA512
  
  f27af8054d6898da00de2b999cb421f26307d46f6b64c041d617b84b7012cec872e7f827f0befe71464e2ee0644d606a20cf231bbab52de9af78b806778f00e3
- SSDEEP
  
  3072:DWYU4444d444444444444444g44444444444444444K44444444444444449444a:D1/QImq4sn+kdnuzDT03ApT
Score

10^/10

asyncrat x rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2