asyncrat

General

Target

4023a02e0c9b2fbc0f1c883c337653928de6ea07834ce0efd3de365be9ad0f50.js
Size

908KB
Sample

221220-jdpc2sca8t
MD5

0f615e4a9d0e80813def9e1f2df43e8b
SHA1

55db1ee813628edb038008637b2e1cbb0002238b
SHA256

4023a02e0c9b2fbc0f1c883c337653928de6ea07834ce0efd3de365be9ad0f50
SHA512

8dab94c87abdaf7dc0e2565f869f361bca5b889959f23278b276016467d3648d78b02bccb1fdf76864f14efa9db339df4c827ad96362221ecf8a34979944db68
SSDEEP

6144:G9DHYDH+DuqQLzi5ZwwOueyPzjv868i0riTj0Ysv/mgXAi4SHsjoxi:GtHYDeDuDLzi5ZFeyPzj8Ysv/mgXAiIN

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.246.220.208:6606

185.246.220.208:7707

185.246.220.208:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4023a02e0c9b2fbc0f1c883c337653928de6ea07834ce0efd3de365be9ad0f50.js
- Size
  
  908KB
- MD5
  
  0f615e4a9d0e80813def9e1f2df43e8b
- SHA1
  
  55db1ee813628edb038008637b2e1cbb0002238b
- SHA256
  
  4023a02e0c9b2fbc0f1c883c337653928de6ea07834ce0efd3de365be9ad0f50
- SHA512
  
  8dab94c87abdaf7dc0e2565f869f361bca5b889959f23278b276016467d3648d78b02bccb1fdf76864f14efa9db339df4c827ad96362221ecf8a34979944db68
- SSDEEP
  
  6144:G9DHYDH+DuqQLzi5ZwwOueyPzjv868i0riTj0Ysv/mgXAi4SHsjoxi:GtHYDeDuDLzi5ZFeyPzj8Ysv/mgXAiIN
Score

10^/10

asyncrat vjw0rm default rat trojan worm
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vjw0rm

Async RAT payload

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Drops startup file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2