asyncrat | 0398a87748742648ac5c4e1672a2cc1a7bf57c1e29db8c3d639f370a2150bd3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

analysis.ps1
Size

402KB
Sample

231002-fqgl7aha69
MD5

88bb75f8ca599dca5584d5739a24ce51
SHA1

1ac4fd98073a6b406d1ea3ac55a3c73430586393
SHA256

0398a87748742648ac5c4e1672a2cc1a7bf57c1e29db8c3d639f370a2150bd3e
SHA512

75504d3d1c33fcabd72c0fac7caed135dcda3a6735879edf2bbfe33e9ce20190a1d94e13e6b78580a124c66beb57b6c8a920cc427aa8d6b011a00d902ba70c51
SSDEEP

3072:kDhiyXBs84VhDEakbyxWq0xlzXHjCguXU:XTDEaWyxWqRE

Score

10^/10

asyncrat ketamen rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

KETAMEN

C2

12tainss1s.xyz:1996

Mutex

AsyncMutex_6SI8OjLyg

Attributes

delay
9
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  analysis.ps1
- Size
  
  402KB
- MD5
  
  88bb75f8ca599dca5584d5739a24ce51
- SHA1
  
  1ac4fd98073a6b406d1ea3ac55a3c73430586393
- SHA256
  
  0398a87748742648ac5c4e1672a2cc1a7bf57c1e29db8c3d639f370a2150bd3e
- SHA512
  
  75504d3d1c33fcabd72c0fac7caed135dcda3a6735879edf2bbfe33e9ce20190a1d94e13e6b78580a124c66beb57b6c8a920cc427aa8d6b011a00d902ba70c51
- SSDEEP
  
  3072:kDhiyXBs84VhDEakbyxWq0xlzXHjCguXU:XTDEaWyxWqRE
Score

10^/10

asyncrat ketamen rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

asyncratketamenrat