asyncrat | b2aab26d36c289c0922a8cde64767571c9fec6daa765caee23a9b2c1fe7c0b17 | Triage

Sharing

General

Target

28-55-63-12.JS.js
Size

120KB
Sample

230322-x3szesah47
MD5

c9d2d5758ea0bc1c82bf466b68fad4ee
SHA1

30daf976e08feb0ecbb6a10958d09a6e2da2bcf8
SHA256

b2aab26d36c289c0922a8cde64767571c9fec6daa765caee23a9b2c1fe7c0b17
SHA512

20f3509e7cb2ebf00e1bd0a91c4fab0981cf8b90cb088abde8da63b36f785471466503edd820acbc033fdc11832ae8e3af3d9d09257f1cd0ac19d28bc0bf983a
SSDEEP

384:xXWXWXWXWXWXWXWXWXWXWXWXEXWXWXWXWXWXWXWXWXWXWXWX0XWXWXWXWXWXWXWZ:i/dNx

Score

10^/10

asyncrat cairo persistence rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Cairo

C2

admincairo.linkpc.net:7707

Mutex

AsyncMutex_move

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  28-55-63-12.JS.js
- Size
  
  120KB
- MD5
  
  c9d2d5758ea0bc1c82bf466b68fad4ee
- SHA1
  
  30daf976e08feb0ecbb6a10958d09a6e2da2bcf8
- SHA256
  
  b2aab26d36c289c0922a8cde64767571c9fec6daa765caee23a9b2c1fe7c0b17
- SHA512
  
  20f3509e7cb2ebf00e1bd0a91c4fab0981cf8b90cb088abde8da63b36f785471466503edd820acbc033fdc11832ae8e3af3d9d09257f1cd0ac19d28bc0bf983a
- SSDEEP
  
  384:xXWXWXWXWXWXWXWXWXWXWXWXEXWXWXWXWXWXWXWXWXWXWXWX0XWXWXWXWXWXWXWZ:i/dNx
Score

10^/10

asyncrat cairo persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Async RAT payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

BITS Jobs

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

BITS Jobs

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratcairopersistencerat