General

  • Target

    async1.bat

  • Size

    53KB

  • Sample

    230110-krk38afe28

  • MD5

    48c5d502eb750b327615dec7362dabf9

  • SHA1

    93d7f7ce15d1ffc3b584056eadef6f72deede6bb

  • SHA256

    80c1568ef979e0d9881fa33ee69c3f8c15caa924acd4df9e4c951a7047577caa

  • SHA512

    15abd3360d6e9fa55892199a94f57d3d4a32798a15a5bb406d42bdb458cd679f4a27f8e310b4579d4b9c38d4384fd1e4015508ea68970c678facdf4a9cedc411

  • SSDEEP

    768:OonA1XlKQLUXpAyDnezCBrVvb5XEzbtMUVD96UKi2MLo2TmOtSBNodnU6gQBM:KXwQLUX/SC/v1UzbtTl1E238nyUBQBM

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
