asyncrat

General

Target

efc039447276a5cbec3a462f957db357.bin
Size

12KB
Sample

240124-eyr78aadep
MD5

efc039447276a5cbec3a462f957db357
SHA1

9cc91327363b0e1817acd480b48c0b41351ee87b
SHA256

a0de57ddd8f03531fe83fa680a519d69616e04919cb0b30b2a1eac69124d6131
SHA512

7ef82df5d5afa8b97aebb2ddadc1b2714929f1886c8cedb109930a440cb04d009a0e2223f7b492e599262651e75c64d3840a4de31ebdefa0874c14b27df7cc4b
SSDEEP

192:d39TSvyA1butJdIzlogSG0IfymidyaXWOLG3Zhxs+M/8n29NYmJyGGWFGGGrG7eH:+vy/dGKIKcatCDW+I9emJJSl

Score

10^/10

asyncrat zgrat bb rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://176.107.185.29:666/Rar.jpg

exe.dropper

http://176.107.185.29:666/load.rar

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

BB

C2

icant.theworkpc.com:6606

icant.theworkpc.com:7707

icant.theworkpc.com:8808

icant.theworkpc.com:5550

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2O22-Tax-Returns.wsf
- Size
  
  22KB
- MD5
  
  98ee1c0d924160400ecef6a607233e71
- SHA1
  
  bf458f68d2080dfc3b3ab557c422e003f83a80e8
- SHA256
  
  31474cb3c6ed64770b4930d9d0ba11edc9ba03b7c09d9a3798eb8b77a81ca50a
- SHA512
  
  81e77e30dcd15edf8089eb4299c4e01914a889b90eb46ba99c90087e043832e0a6caaf7fcebd51905e31f14cdab5c042bb43de9d35078c92155197a84e370be7
- SSDEEP
  
  384:eE3AcRO1fDgpRyeBNhQz0yFvYN5E3AcRO1fDgpRyeBNhQz0yFvYN/:x3bObgDyeHk0yFvYY3bObgDyeHk0yFvg
Score

10^/10

asyncrat zgrat bb rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  DRlVERS-LlCENSE.wsf
- Size
  
  4KB
- MD5
  
  caa57de08040c5a7467546b863c6dade
- SHA1
  
  94f12d37d102aece7d32c66256bbe40efb6c1a3b
- SHA256
  
  d4f23048f4310ff503350d6d936be6ceaff825ba74cedeb52a783441aca627b7
- SHA512
  
  123bc8e1dc3166a07692cf8f1b428cf4366daaceea60438952151cf7ea27493bb302e8f59403172857a1078c66d656d571b591d4541968958a0723626a40c957
- SSDEEP
  
  96:pZ9YdUGcYNSoccNLevSNbZ9YdUGcYNSoccNLevSNm:pZ9YGGcYNSoGvSpZ9YGGcYNSoGvSE
Score

10^/10

asyncrat zgrat bb rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  PR0FlT&L0SS_2O23.wsf
- Size
  
  31KB
- MD5
  
  20874f5aa9f33c23c82862559cba74f6
- SHA1
  
  bf1b13349c19b8bf9350441292adffe9846d5723
- SHA256
  
  edc2eeccd548103567716d8f84ffad3389e061c1a0787d38d854dbf616485ebe
- SHA512
  
  e553b7defd08b73ef5760b68fb47bafd2ee38763c8806b526421ff3fab70ed8240f94dae3f5c60484d779e43a6097be4714d057ba3c5c0dc2cd475ffd5b9eaed
- SSDEEP
  
  768:x15HSHJkDKQvY5wcx3OxhJz42O4zcHJN67+15HSHJkDKQvY5wcx3OxhJz42O4zce:xRit2wq+Rit2wq1
Score

10^/10

asyncrat zgrat bb rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  ScheduIe-K.wsf
- Size
  
  4KB
- MD5
  
  eafa5d2bdb1f8bca65b208d7e6101e1c
- SHA1
  
  da7085b340e3b02d94bb4acc92ee9475133b7948
- SHA256
  
  572a90ba88b5424d527785d48667dfd95293469b07ab016970b7253e2bb5d0d0
- SHA512
  
  2114d0dda32e2224c8253a9ec038b6f212a01082bb73222780391e0842a73097c57454f248135671f67662f419bba9c5cbb7721a1eba6790eb59381e7a4bbda8
- SSDEEP
  
  96:021JYd1k2ig3AwYx4wg3CWPqrHekw21JYd1k2ig3AwYx4wg3CWPqrHek4:Np2ioAwYgSWPqTeGp2ioAwYgSWPqTeB
Score

10^/10

asyncrat zgrat bb rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

8

T1012

System Information Discovery

8

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect ZGRat V1

ZGRat

Async RAT payload

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Suspicious use of SetThreadContext

AsyncRat

Detect ZGRat V1

ZGRat

Async RAT payload

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Suspicious use of SetThreadContext

AsyncRat

Detect ZGRat V1

ZGRat

Async RAT payload

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Suspicious use of SetThreadContext

AsyncRat

Detect ZGRat V1

ZGRat

Async RAT payload

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8