asyncrat

General

Target

05012024_0011_g4.vbs
Size

731B
Sample

240104-tnc3wafdb8
MD5

b0f5cedd7db682ffda4ce4968eac926d
SHA1

3200790fa2df151aace6a3454e167de2b89fad6e
SHA256

cc810f437d25ad3ba039f7007f3e7b96826d1d96d470a7f3371ddd17ac888f28
SHA512

7fe0f16adeb11eccd10955114451356b68a8dd61c79d606aeb435ecdacd87e5dfc0c6dfefe47bd234cb398a2158440001829ef772226323616fb5a8b2c5d72c3

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://104.243.44.136:666/moh.jpg

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://nodejs.org/download/release/v6.17.1/win-x64/node.exe

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

DOX_2024

C2

w3llsfarg0h0st.ddns.net:2244

Mutex

AsyncMutex_doxfofikdw32

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  05012024_0011_g4.vbs
- Size
  
  731B
- MD5
  
  b0f5cedd7db682ffda4ce4968eac926d
- SHA1
  
  3200790fa2df151aace6a3454e167de2b89fad6e
- SHA256
  
  cc810f437d25ad3ba039f7007f3e7b96826d1d96d470a7f3371ddd17ac888f28
- SHA512
  
  7fe0f16adeb11eccd10955114451356b68a8dd61c79d606aeb435ecdacd87e5dfc0c6dfefe47bd234cb398a2158440001829ef772226323616fb5a8b2c5d72c3
Score

10^/10

asyncrat zgrat dox_2024 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Detect ZGRat V1

ZGRat

Async RAT payload

Downloads MZ/PE file

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2