asyncrat | 460d093a55b930e733c60575f82183cd0edd52ec6b927cdb4a93dc5da7f0ac9c | Triage

Sharing

General

Target

664b1e31dfe2a502e76c1bfe4d4b7593.ps1.vir
Size

212KB
Sample

230403-c5e55adf8y
MD5

664b1e31dfe2a502e76c1bfe4d4b7593
SHA1

cb6442df1aa65a7a1d12123a38c2e4e5de07d99d
SHA256

460d093a55b930e733c60575f82183cd0edd52ec6b927cdb4a93dc5da7f0ac9c
SHA512

8e5220635e08dba1f6e286f36aa610b3052eaad9807bb6f8ab3f5a64430bfbcf5f6aa62491868ccd5e1942143c278e4051b14b1be01898c7f60601049cafa129
SSDEEP

3072:hTPTwLhFrOBsc4VsTKkcU/DNv9O9djB3zNn42SSeAq1ldm:FwLKpKkcUbNv9OPB3zNySeAq1i

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

nulled2nd.camdvr.org:6666

Mutex

AsyncMutex_null

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  664b1e31dfe2a502e76c1bfe4d4b7593.ps1.vir
- Size
  
  212KB
- MD5
  
  664b1e31dfe2a502e76c1bfe4d4b7593
- SHA1
  
  cb6442df1aa65a7a1d12123a38c2e4e5de07d99d
- SHA256
  
  460d093a55b930e733c60575f82183cd0edd52ec6b927cdb4a93dc5da7f0ac9c
- SHA512
  
  8e5220635e08dba1f6e286f36aa610b3052eaad9807bb6f8ab3f5a64430bfbcf5f6aa62491868ccd5e1942143c278e4051b14b1be01898c7f60601049cafa129
- SSDEEP
  
  3072:hTPTwLhFrOBsc4VsTKkcU/DNv9O9djB3zNn42SSeAq1ldm:FwLKpKkcUbNv9OPB3zNySeAq1i
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat