asyncrat | c671d25e21e83929c1853e697f29b0e8ed3b69edc6add61d4d8b8bc2018afe14 | Triage

Sharing

General

Target

390Z21.ps1
Size

206KB
Sample

230322-q9tqzaba8t
MD5

7f42335561e2adb6a744f1dcb02b1505
SHA1

415e34780b8e144c28995e611117d7d0182f3b22
SHA256

c671d25e21e83929c1853e697f29b0e8ed3b69edc6add61d4d8b8bc2018afe14
SHA512

442c90c2f926480beb001ed1ae45bf4f9893988d135367bf51c1a8ab7f27e4a11cbec1a9fea5f6897c1dc15cbc33fa7e0f027199c281107e7c5536a63aa2058c
SSDEEP

3072:RO2MjmUvLcSRr0zELowmGcAK3ApfJo74Pda:RpMjbYYowmGcAK3Apxm1

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

185.81.157.244:6601

Mutex

AsyncMutex_6S181I8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  390Z21.ps1
- Size
  
  206KB
- MD5
  
  7f42335561e2adb6a744f1dcb02b1505
- SHA1
  
  415e34780b8e144c28995e611117d7d0182f3b22
- SHA256
  
  c671d25e21e83929c1853e697f29b0e8ed3b69edc6add61d4d8b8bc2018afe14
- SHA512
  
  442c90c2f926480beb001ed1ae45bf4f9893988d135367bf51c1a8ab7f27e4a11cbec1a9fea5f6897c1dc15cbc33fa7e0f027199c281107e7c5536a63aa2058c
- SSDEEP
  
  3072:RO2MjmUvLcSRr0zELowmGcAK3ApfJo74Pda:RpMjbYYowmGcAK3Apxm1
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat