Overview

overview

10

Static

static

1

f.vbs

windows7-x64

8

f.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f.txt

  • Size

    346B

  • Sample

    230606-w3j6vafe7z

  • MD5

    41e54b45d2ab4718156a2d978aeb2eaa

  • SHA1

    b8f924f1fd50d3feba999029615ae6d2b47ecea7

  • SHA256

    eac03f7bc83d42d686c55a12736a74086e1feada3ef4181f79c5435311a5358d

  • SHA512

    96a51af6ebb69dc01971fef39a5e033417a02299080804a7062182f64be5b9c5ce0ac863397e34bfeca5a1b1c767883a4b6b3888e36e8f443ac0f1bb661e7727

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

195.178.120.137:4001

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      f.txt

    • Size

      346B

    • MD5

      41e54b45d2ab4718156a2d978aeb2eaa

    • SHA1

      b8f924f1fd50d3feba999029615ae6d2b47ecea7

    • SHA256

      eac03f7bc83d42d686c55a12736a74086e1feada3ef4181f79c5435311a5358d

    • SHA512

      96a51af6ebb69dc01971fef39a5e033417a02299080804a7062182f64be5b9c5ce0ac863397e34bfeca5a1b1c767883a4b6b3888e36e8f443ac0f1bb661e7727

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks