General

  • Target

    sample.ps1

  • Size

    454KB

  • Sample

    240313-bjzf7sgc5w

  • MD5

    cecbccc6070ba51f95d1fac8efe9d502

  • SHA1

    e98f4fe39fdeb1c789c40f59bec00e2113f04e79

  • SHA256

    8b3d0a3f0184112cc79752665d658eb8011a1b33fdfbef8d95e597715a828510

  • SHA512

    dfe5f7d95c6f664ccf7cf33e2c2937fdd8b3b6477ad7cecf3fb84e96151b506d79a7794481aea737f5dabac3d4c8691952b340c332a99f8fced441a71d295bd1

  • SSDEEP

    3072:tjDhiyXBs84VhDEakbyxWq0wswTVqipUEyoL/a:0TDEaWyxWqowYkUEyYi

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

VBS_2024

C2

drax2023.run.place:6606

drax2023.run.place:7707

drax2023.run.place:8808

Mutex

AsyncMutex_vbs202420251

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      sample.ps1

    • Size

      454KB

    • MD5

      cecbccc6070ba51f95d1fac8efe9d502

    • SHA1

      e98f4fe39fdeb1c789c40f59bec00e2113f04e79

    • SHA256

      8b3d0a3f0184112cc79752665d658eb8011a1b33fdfbef8d95e597715a828510

    • SHA512

      dfe5f7d95c6f664ccf7cf33e2c2937fdd8b3b6477ad7cecf3fb84e96151b506d79a7794481aea737f5dabac3d4c8691952b340c332a99f8fced441a71d295bd1

    • SSDEEP

      3072:tjDhiyXBs84VhDEakbyxWq0wswTVqipUEyoL/a:0TDEaWyxWqowYkUEyYi

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks