asyncrat | 1cf135e1f7c5574ed17b6dd7a55406d9f7645cedc44dc400cb90782b1381b321 | Triage

Sharing

General

Target

xt.png.ps1
Size

712KB
Sample

240710-f25hds1cqf
MD5

8bc95d2d1480070e0cccb017799b7b46
SHA1

868023685bbcd9308b2c0df2aa8bd9ff87054c89
SHA256

1cf135e1f7c5574ed17b6dd7a55406d9f7645cedc44dc400cb90782b1381b321
SHA512

95b105024fe1477dd6e063cbae74ddc312b3a11637d633dd3dd546ec1711b38b49610819388fad3cae4f9ece17a249040d2f955c1ab378e24dbad2bca576a412
SSDEEP

12288:9+x48PQ0D1VF5sh0cxArBhOmg1xHxR3C3rfLG48K:9848PQ0D1b53cxAYK

Score

10^/10

asyncrat ca execution rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

CA

C2

shady-mo.duckdns.org:9090

Mutex

Async_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  xt.png.ps1
- Size
  
  712KB
- MD5
  
  8bc95d2d1480070e0cccb017799b7b46
- SHA1
  
  868023685bbcd9308b2c0df2aa8bd9ff87054c89
- SHA256
  
  1cf135e1f7c5574ed17b6dd7a55406d9f7645cedc44dc400cb90782b1381b321
- SHA512
  
  95b105024fe1477dd6e063cbae74ddc312b3a11637d633dd3dd546ec1711b38b49610819388fad3cae4f9ece17a249040d2f955c1ab378e24dbad2bca576a412
- SSDEEP
  
  12288:9+x48PQ0D1VF5sh0cxArBhOmg1xHxR3C3rfLG48K:9848PQ0D1b53cxAYK
Score

10^/10

execution asyncrat ca rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratcaexecutionrat