asyncrat | c6d5288639389f37a0ccfa3139b1a72916133231245b7bca53d9734c6372747d | Triage

Submit
Reports

Overview

overview

Static

static

1

1.ps1

windows7-x64

5

1.ps1

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1.png
Size

256KB
Sample

230518-qyx91sbb45
MD5

787c9472089b40d62f2bc7da5c1de59c
SHA1

42179eb8d1c990275a5e9920f14e91c91cf25db9
SHA256

c6d5288639389f37a0ccfa3139b1a72916133231245b7bca53d9734c6372747d
SHA512

d8cb1730e5d83366f472fd7cf72d4970b9e40ca1932e4a7a21e13e9dc81244b3f8c53c8937f0ce8beaabf50f12f0d391bf4a5385b51615bfe157439287847895
SSDEEP

6144:LhMHd8wF9VtLr3EXGpI5cGIE+QITgA5kE315N3Ap8:qHt9VtLr3EXGpI5cGIBtX

Score

10^/10

asyncrat default rat

Static task

static1

Behavioral task

behavioral1

Sample

1.ps1

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1.ps1

Resource

win10v2004-20230221-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

mikedonohue.kozow.com:30305

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1.png
- Size
  
  256KB
- MD5
  
  787c9472089b40d62f2bc7da5c1de59c
- SHA1
  
  42179eb8d1c990275a5e9920f14e91c91cf25db9
- SHA256
  
  c6d5288639389f37a0ccfa3139b1a72916133231245b7bca53d9734c6372747d
- SHA512
  
  d8cb1730e5d83366f472fd7cf72d4970b9e40ca1932e4a7a21e13e9dc81244b3f8c53c8937f0ce8beaabf50f12f0d391bf4a5385b51615bfe157439287847895
- SSDEEP
  
  6144:LhMHd8wF9VtLr3EXGpI5cGIE+QITgA5kE315N3Ap8:qHt9VtLr3EXGpI5cGIBtX
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultrat

© 2018-2025

Terms | Privacy