asyncrat | 7b6d6d51a0032be0ac9c3b857065a2ba87caa96dac3d0023d8819eb3baa6dd8c | Triage

Sharing

General

Target

Leer Documento.vbs
Size

23.1MB
Sample

240809-k47srayfkr
MD5

c7b73269543ae666701b2d97172b93fb
SHA1

e6d9435df4b136ceac144b84ec9b8fa7cfead13a
SHA256

7b6d6d51a0032be0ac9c3b857065a2ba87caa96dac3d0023d8819eb3baa6dd8c
SHA512

3cbd06d2e480e3b62f0881a51f7f94f797201de3b6053f1f6b7728c9e3467c24c5f58d5a2304d75487703ce496de9a5d4ee795cab6a08eefa45dc68324590287
SSDEEP

1536:VPadPlP4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPm:8v

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2Fdll%20Hope.txt?alt=media&token=61c829f6-e196-49e8-b4ff-041134577ffe

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

zorra123.duckdns.org:2020

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Leer Documento.vbs
- Size
  
  23.1MB
- MD5
  
  c7b73269543ae666701b2d97172b93fb
- SHA1
  
  e6d9435df4b136ceac144b84ec9b8fa7cfead13a
- SHA256
  
  7b6d6d51a0032be0ac9c3b857065a2ba87caa96dac3d0023d8819eb3baa6dd8c
- SHA512
  
  3cbd06d2e480e3b62f0881a51f7f94f797201de3b6053f1f6b7728c9e3467c24c5f58d5a2304d75487703ce496de9a5d4ee795cab6a08eefa45dc68324590287
- SSDEEP
  
  1536:VPadPlP4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPm:8v
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat