asyncrat | 21d27f29540147603af9a74b194f553342254ee4daea07359e6bd1246442d4f8 | Triage

Sharing

General

Target

21d27f29540147603af9a74b194f553342254ee4daea07359e6bd1246442d4f8.vbs
Size

109KB
Sample

241002-dwxjgsvckq
MD5

4b7be0dcd6bdb340088d2dd657442b0b
SHA1

960cac0a7a81530161aee49444fbb380d0f89fb3
SHA256

21d27f29540147603af9a74b194f553342254ee4daea07359e6bd1246442d4f8
SHA512

9dac7a96cf8b5eb1b608313a6bdb7ea86c97bce03ddb916874879acf994567c6020ccc4333c681b80e04e601a9ca49a787636d237f974ec3c6a87f85e504d7f5
SSDEEP

768:eRXrFjNlww2JSTnnLIJhG/Hqgt5pDt5j2GwgvxXy7yPcbE:GXJZ6STnLIJh8qgt5pz2GwgvxXy73Q

Score

10^/10

asyncrat klll discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

exe.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

Extracted

Family

asyncrat

Version

1.0.7

Botnet

KLLL

C2

148.113.165.11:3236

Mutex

Dggx_gg

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  21d27f29540147603af9a74b194f553342254ee4daea07359e6bd1246442d4f8.vbs
- Size
  
  109KB
- MD5
  
  4b7be0dcd6bdb340088d2dd657442b0b
- SHA1
  
  960cac0a7a81530161aee49444fbb380d0f89fb3
- SHA256
  
  21d27f29540147603af9a74b194f553342254ee4daea07359e6bd1246442d4f8
- SHA512
  
  9dac7a96cf8b5eb1b608313a6bdb7ea86c97bce03ddb916874879acf994567c6020ccc4333c681b80e04e601a9ca49a787636d237f974ec3c6a87f85e504d7f5
- SSDEEP
  
  768:eRXrFjNlww2JSTnnLIJhG/Hqgt5pDt5j2GwgvxXy7yPcbE:GXJZ6STnLIJh8qgt5pz2GwgvxXy73Q
Score

10^/10

execution asyncrat klll discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratkllldiscoveryexecutionrat