asyncrat | e296925add362ceb26927e02439ad56accc8ce03b14712fbd4dd41377be036aa | Triage

Submit
Reports

Overview

overview

Static

static

1

win10

windows10-2004-x64

Sharing

General

Target

Statment#5173642159.html
Size

1KB
Sample

240712-ra7zzsyeja
MD5

1231d299fcd9917fde1326f9ef677361
SHA1

f92479f63b0279c16e8499fe294e7b3d81da5942
SHA256

e296925add362ceb26927e02439ad56accc8ce03b14712fbd4dd41377be036aa
SHA512

0b76638bad3c2036c048b4b381a6192a14ed8770545d73ad8d49990ce30bd725b75fa721578e47cad8b946f63cc2e3681014acf72ba4af3598adba9e49345205

Score

10^/10

asyncrat elsa3eed execution rat

Static task

static1

Behavioral task

behavioral1

Sample

Statment#5173642159.html

Resource

win10v2004-20240704-en

asyncrat elsa3eed execution rat

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

Elsa3eed

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/C7vDhgZQ

aes.plain

Targets

- Target
  
  Statment#5173642159.html
- Size
  
  1KB
- MD5
  
  1231d299fcd9917fde1326f9ef677361
- SHA1
  
  f92479f63b0279c16e8499fe294e7b3d81da5942
- SHA256
  
  e296925add362ceb26927e02439ad56accc8ce03b14712fbd4dd41377be036aa
- SHA512
  
  0b76638bad3c2036c048b4b381a6192a14ed8770545d73ad8d49990ce30bd725b75fa721578e47cad8b946f63cc2e3681014acf72ba4af3598adba9e49345205
Score

10^/10

asyncrat elsa3eed execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratelsa3eedexecutionrat

© 2018-2025

Terms | Privacy