asyncrat

Resubmissions

07-03-2024 11:55

240307-n3vzcaae56 10

07-03-2024 08:02

240307-jw8jmsfc87 10

Sharing

Copy URL

Twitter E-mail

General

Target

http://94.156.69.35:222
Sample

240307-n3vzcaae56

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

New MSY

windows11.loseyourip.com:6606

windows11.loseyourip.com:7707

windows11.loseyourip.com:8808

windows11.loseyourip.com:4747

Mutex

AsyncMutex_6SI8OkPnl

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  http://94.156.69.35:222
Score

10^/10

asyncrat zgrat new msy rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Checks computer location settings

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

urlscan1

behavioral1