asyncrat | a53dc263c25bce491df0595cbb9308301e838291f54d4af262ee8b09ca65ba94 | Triage

Sharing

General

Target

f7e1a94ec3edbf35b24cb683c5732118
Size

61KB
Sample

231013-tt6blsbf4y
MD5

f7e1a94ec3edbf35b24cb683c5732118
SHA1

4c228e440c076fc636a5c692f33f5ad100dac3c4
SHA256

a53dc263c25bce491df0595cbb9308301e838291f54d4af262ee8b09ca65ba94
SHA512

bae50f2316fb293f68c40fb15884b5b1101d645897335d5c9b56450ce30c8426e64da648cceaa50a7266b43ce8466f652fef8fe875bd253501a0f2657d79ba7d
SSDEEP

768:svkwwEozBfrAYfFwJZyVA7V6GdSnXSSY5Cc32CRVGw643Ct8+Bv4wUg1Tv8egy9E:sMHhJk4eJPVWniSY8cFTntQvj82DGNSa

Score

10^/10

asyncrat 2 rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2

C2

shady-mo.duckdns.org:9090

Mutex

Async_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ReklamX.bat
- Size
  
  190B
- MD5
  
  75db134e7941ac7093e2a0a82dd5c710
- SHA1
  
  52b1e5d355229302ce1def826d3842d3b346037d
- SHA256
  
  2a407f7b0e9fc016bdaa72700d28785fb61c49418c55e7be09dc68f71924379f
- SHA512
  
  d4ffe32ef04e2a0d6660aa52998b463d164415aec406d723dad3192887a8c82ecaaa03bea79f1d6032f41fc7c6dc0220fc0d4be17a310cd6698081a2fda5cc97
Score

1^/10
behavioral1 behavioral2
- Target
  
  ReklamX.ps1
- Size
  
  218KB
- MD5
  
  99b48c03c4ff907b9670a0de6a266253
- SHA1
  
  9c0c54e69f4603ad6566cd6e81ecff242c2bb0de
- SHA256
  
  8dba2ac1f543d24b14ca1fdf0e1e2d8333c5cc669f78afc905d512aed21e6b2f
- SHA512
  
  520e7f68c8e346e26e4b2367bde0fce9c18eb511e2801a9ef3707899bdfba280a082adf437c1f9b6c720b8ef1c6f49fde4b88ab64263b3a7f3de780bd6919750
- SSDEEP
  
  3072:7Xo+jQdMhvSWm8+B0RjcGd1F9h/IleqxEAY5clv3mD/DZgIIG0O:bzjQdMhvFuO
Score

10^/10

asyncrat 2 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  ReklamX.vbs
- Size
  
  2KB
- MD5
  
  621f52a97183232929d680737fb82f7b
- SHA1
  
  b2e4d0e1296371157fa437fb5ff2ba3399975431
- SHA256
  
  1528103ebbe85cca99e515d72e376c3f15f412bbeb7d70c7c32fb7cac4065aa4
- SHA512
  
  c803cb95eb1cdb8efa7bb1b452166992932af5b2555adeba9c5c477ab38978209736af9fd989a0aabfd1c56afb816c366a90ba9702274152ab245738753c59cb
Score

3^/10
behavioral5 behavioral6
- Target
  
  ini.bat
- Size
  
  192B
- MD5
  
  50d67ac3dfe55559558e009ca80eb632
- SHA1
  
  2bf8f4d3bb1944b02b5373ff81ae2c2eda307450
- SHA256
  
  81b3e8967d14e93c9a04224969c520102ad69035aef2834a89d152c7185c7a6e
- SHA512
  
  49499b556ca00ee445d35cec051557759b3503b4ceea7e8a2226b317368a160340e4d878b970384cf902939807541617a2049fb67ecfd1148dea4d4ebc0255d5
Score

1^/10
behavioral7 behavioral8
- Target
  
  ini.ps1
- Size
  
  747B
- MD5
  
  71d276530525756ea14087eaec0bc465
- SHA1
  
  8789d58df8c41d1a42be25e23bc9d73213f909f4
- SHA256
  
  2a3ef26379e1a38f96157b0b675609f1240302ae709147bea9cbf37a2519c512
- SHA512
  
  178003d1ce2c9b91c0a33e707161145be71437ef9d31d0befa2ee1e6dca8b3fa6d7c2aebffa266f38dac07f5e25f3c753864ab93b0a60b89440254602199ff96
Score

1^/10
behavioral10 behavioral9
- Target
  
  ini.vbs
- Size
  
  391B
- MD5
  
  eaa263484772ed520b3fd20b98e59c25
- SHA1
  
  f5ade32907f36786839c7e6de6fa02c9aa797282
- SHA256
  
  bc157b80a736d69552add6f62c41207926a1016bdad22b4b358f67d0fb5a4613
- SHA512
  
  3488c2151cefde9905cbd3eb27d643e0dc2db6f3c4ce05d43fa9a73da3429c922de489d1f92812ac552b4e9e257751bb9a0f7e2bc1d3c92e38701554c1b7c50f
Score

3^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12