Overview

overview

10

Static

static

1

file.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.bat

  • Size

    226B

  • Sample

    231113-v9lgtaec41

  • MD5

    b34b91cd445ac63caa329c1ae21fc024

  • SHA1

    5fae83ff22c9c5f8e681a69d9c7f405dbfeffb94

  • SHA256

    c0ecdb5046ff0c85592a794cb42f8acc7d1814892a890f07f4e1a9f3e0e0b2df

  • SHA512

    3ec3570670e00580ccb2e188a08cd4d580bef8315fd3063bfff605a9c84a6d32dbac28f5bc70489f008e36b3a41f281e1a7777ca5493186f8e9e9f7e0e7739e6

Score
10/10
asyncratzgratdefaultrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://91.92.242.28:222/jn.jpg

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

win009.theworkpc.com:5010

Mutex

AsyncMutex_alosh

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      file.bat

    • Size

      226B

    • MD5

      b34b91cd445ac63caa329c1ae21fc024

    • SHA1

      5fae83ff22c9c5f8e681a69d9c7f405dbfeffb94

    • SHA256

      c0ecdb5046ff0c85592a794cb42f8acc7d1814892a890f07f4e1a9f3e0e0b2df

    • SHA512

      3ec3570670e00580ccb2e188a08cd4d580bef8315fd3063bfff605a9c84a6d32dbac28f5bc70489f008e36b3a41f281e1a7777ca5493186f8e9e9f7e0e7739e6

    Score
    10/10
    asyncratzgratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks