asyncrat | ec09aa685c53c656c4f4d539a9cdc47d00360d2250db2dd5972f13f78f8943e7 | Triage

Sharing

General

Target

1c8e29dbcd8795f22f73483b6e20929e0025fd113cd9b7b760aaf5aec3b5b9ee.zip
Size

87KB
Sample

240711-tjzq3swfka
MD5

355c34b5fed1cd15b764db3d48193ed2
SHA1

8b5a1fa00847e51d55f71a9df1dfa0592be25074
SHA256

ec09aa685c53c656c4f4d539a9cdc47d00360d2250db2dd5972f13f78f8943e7
SHA512

a520b1ac99bd16fc14509d9088a8fd1797b4a1d56f6b32644fc95d046b3fd35e8a08692924e90846a07e85065accb56d35adc59296faf8cd3e89348505f3d7fa
SSDEEP

1536:0dB2ZKHAomJ7ubPt0dKfDTCYJq2HkBiUCcX6yDVAIO7qUD2zuMiGM39pGf5aA3hM:0fgD6PVb+qEBrKa+7qUy2QaA3hYH

Score

10^/10

asyncrat newjop execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

newjop

C2

backwork07.ddns.net:6666

Mutex

AsyncMutex_raTMpP7xS21cDAE8

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1c8e29dbcd8795f22f73483b6e20929e0025fd113cd9b7b760aaf5aec3b5b9ee.ps1
- Size
  
  553KB
- MD5
  
  223b842e87e7d124f133e2b21090e717
- SHA1
  
  99c830f860fe5d34b3802a62c790e0c26c7f1e5b
- SHA256
  
  1c8e29dbcd8795f22f73483b6e20929e0025fd113cd9b7b760aaf5aec3b5b9ee
- SHA512
  
  f83274a71a388b0349cdbfed15ae152cfd3dfb45c22d81171a4e1a74f0a298a53b68d53fc75e15b8b08195f8d5020f33397d5d33dac2aa8826a5894680555db6
- SSDEEP
  
  1536:kDh8DyXBs84VhDEak0EyxWq0IxZQjepORUXl9cGnZneXVsl6cGMyQxI:kDhiyXBs84VhDEakbyxWq0IYz2I
Score

10^/10

execution asyncrat newjop rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratnewjopexecutionrat