asyncrat | ec7d6975587d8dd4effb5727882b1fbb867766d4df73ec304c88d27362ce6ace | Triage

Sharing

General

Target

2.ps1
Size

1002KB
Sample

240803-wq1cas1bmn
MD5

53c4c7466cebb3357a4bf5fdde6e03bd
SHA1

3ae57e66c6651b2c35b873db5de86b87ccc969ad
SHA256

ec7d6975587d8dd4effb5727882b1fbb867766d4df73ec304c88d27362ce6ace
SHA512

aa7a49bde2e30748853b66c772d5bc72372699d52a0d4806d373e870eaa0488ba6ff7b92669e15c9b0180f4cfebd45e698a75b514512b6eddb338dfaf2d2a75e
SSDEEP

24576:TawjBUo3v/AOhx415r2X0Kin4clpSeuoZ+tF0USjpMmaXBxwP0oOGAlLRqkbx2yY:e

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

grogrogrogro.ddnsgeek.com:4444

Mutex

AsyncMutex_6SI8OWDAW

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2.ps1
- Size
  
  1002KB
- MD5
  
  53c4c7466cebb3357a4bf5fdde6e03bd
- SHA1
  
  3ae57e66c6651b2c35b873db5de86b87ccc969ad
- SHA256
  
  ec7d6975587d8dd4effb5727882b1fbb867766d4df73ec304c88d27362ce6ace
- SHA512
  
  aa7a49bde2e30748853b66c772d5bc72372699d52a0d4806d373e870eaa0488ba6ff7b92669e15c9b0180f4cfebd45e698a75b514512b6eddb338dfaf2d2a75e
- SSDEEP
  
  24576:TawjBUo3v/AOhx415r2X0Kin4clpSeuoZ+tF0USjpMmaXBxwP0oOGAlLRqkbx2yY:e
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat