asyncrat | 5b30c27eaca00c51aa594df7273f8e24d84d08a6c085147697e21b082e3e7812 | Triage

Sharing

General

Target

sostener.vbs
Size

1.9MB
Sample

241001-e38qrsvcme
MD5

640864bd8dcc33f7191cea6e8794a386
SHA1

6b651ed9e576d72b6c53e975e555572701fe2681
SHA256

5b30c27eaca00c51aa594df7273f8e24d84d08a6c085147697e21b082e3e7812
SHA512

ac0b98a599ae60043b4d652d7f2826f26918ae6eb2f99f2dec7c14b34d74bea25264da0962eef619e1c72f67d181c4a1c1d52a71a5d7e734869a18300805cc11
SSDEEP

3072:BiiiiiiiiiiiiiiiiiiiiUiiiiiiiiiiiiiiiiiiiihiiiiiiiiiiiiiiiiiiiij:8

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://91.202.233.169/Tak/Reg/Marz/DRG/RTC/F3dll.txt

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

dczas.duckdns.org:4455

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  sostener.vbs
- Size
  
  1.9MB
- MD5
  
  640864bd8dcc33f7191cea6e8794a386
- SHA1
  
  6b651ed9e576d72b6c53e975e555572701fe2681
- SHA256
  
  5b30c27eaca00c51aa594df7273f8e24d84d08a6c085147697e21b082e3e7812
- SHA512
  
  ac0b98a599ae60043b4d652d7f2826f26918ae6eb2f99f2dec7c14b34d74bea25264da0962eef619e1c72f67d181c4a1c1d52a71a5d7e734869a18300805cc11
- SSDEEP
  
  3072:BiiiiiiiiiiiiiiiiiiiiUiiiiiiiiiiiiiiiiiiiihiiiiiiiiiiiiiiiiiiiij:8
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat