General

  • Target

    rNewOrder.bat.exe

  • Size

    679KB

  • Sample

    240216-p3gmdsbc3t

  • MD5

    170ed51ddb22cd75bf0fa4fa2a1bb6c4

  • SHA1

    2e74fd6be27a77a883208db0d09524f15dfa7d00

  • SHA256

    2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d

  • SHA512

    ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865

  • SSDEEP

    12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

2024

C2

rat.loseyourip.com:6606

rat.loseyourip.com:7707

rat.loseyourip.com:8808

Mutex

Async_2024

Attributes
  • delay

    3

  • install

    true

  • install_file

    csrss.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      rNewOrder.bat.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082
