General
-
Target
las.cmd
-
Size
72KB
-
Sample
240523-t7bddshd4z
-
MD5
4bfe57ca78dd1ac468e92a2307783552
-
SHA1
73966e6a19ba6f1ea47002ddcbc42d5ac6434b22
-
SHA256
3e0590e42affae14f003fe2686abb8bd9be6e2fb48f7160779d0dc0c03cdfeee
-
SHA512
21a0071708eaeead1ebf0cb96ab39955b6ced797c0b9e25005c5c8ae4659f2ef842de42572f15fa02eb91df82eb5ba82b1b0d06d09d908d835f039f23fca4572
-
SSDEEP
1536:W4s6PYSYp0q0tIlQ2baGAIbsIpcEj/Bi81w2yfmfV2fymv:46PHY2glQ2nAIQUcY91Fj2fyi
Malware Config
Extracted
asyncrat
0.5.7B
Default
hjdsasync.duckdns.org:8797
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
las.cmd
-
Size
72KB
-
MD5
4bfe57ca78dd1ac468e92a2307783552
-
SHA1
73966e6a19ba6f1ea47002ddcbc42d5ac6434b22
-
SHA256
3e0590e42affae14f003fe2686abb8bd9be6e2fb48f7160779d0dc0c03cdfeee
-
SHA512
21a0071708eaeead1ebf0cb96ab39955b6ced797c0b9e25005c5c8ae4659f2ef842de42572f15fa02eb91df82eb5ba82b1b0d06d09d908d835f039f23fca4572
-
SSDEEP
1536:W4s6PYSYp0q0tIlQ2baGAIbsIpcEj/Bi81w2yfmfV2fymv:46PHY2glQ2nAIQUcY91Fj2fyi
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Async RAT payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-