asyncrat | 7549d4a121e1e7b5dc056cebe025d1af3d8c03440cad9bb23697c3f9bc6d07a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

New Compre...er.zip

windows10-1703-x64

Sharing

General

Target

New Compressed (zipped) Folder.zip
Size

7.0MB
Sample

230927-sb7w2sbe8s
MD5

3fd66dc82138d1427d43e70b36b4cd3a
SHA1

39fe86fbba36a06220c96f72f7aed0f2e0bd168d
SHA256

7549d4a121e1e7b5dc056cebe025d1af3d8c03440cad9bb23697c3f9bc6d07a9
SHA512

d036d2423eb28ea48f0a9d410c357b79f99371b8730dd19a38c8277b76b4f442762044e15efa361d4185d0648478b34b4f4957ba72aba6df71a334d033bc2253
SSDEEP

196608:wB83eQOA1B47Y0Az9MORof8EYFtDh+u1GBSDqRuJrHlU3s8YuW:MrQfqLABBBF7N17qRyHlEs8YuW

Score

10^/10

asyncrat vjw0rm mac persistence rat trojan worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Compressed (zipped) Folder.zip

Resource

win10-20230915-en

asyncrat vjw0rm mac persistence rat trojan worm

windows10-1703-x64

25 signatures

300 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

MAC

C2

74.208.105.80:7777

74.208.105.80:2005

mtest.loseyourip.com:7777

mtest.loseyourip.com:2005

Mutex

AsyncMutex_3losh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  New Compressed (zipped) Folder.zip
- Size
  
  7.0MB
- MD5
  
  3fd66dc82138d1427d43e70b36b4cd3a
- SHA1
  
  39fe86fbba36a06220c96f72f7aed0f2e0bd168d
- SHA256
  
  7549d4a121e1e7b5dc056cebe025d1af3d8c03440cad9bb23697c3f9bc6d07a9
- SHA512
  
  d036d2423eb28ea48f0a9d410c357b79f99371b8730dd19a38c8277b76b4f442762044e15efa361d4185d0648478b34b4f4957ba72aba6df71a334d033bc2253
- SSDEEP
  
  196608:wB83eQOA1B47Y0Az9MORof8EYFtDh+u1GBSDqRuJrHlU3s8YuW:MrQfqLABBBF7N17qRyHlEs8YuW
Score

10^/10

asyncrat vjw0rm mac persistence rat trojan worm
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Async RAT payload
  rat
- Blocklisted process makes network request
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratvjw0rmmacpersistencerattrojanworm

© 2018-2025

Terms | Privacy