asyncrat | b026259f2b7111c2f22846579fee6daf50b10a983eaa91d4e1f93c65d4887348 | Triage

Sharing

General

Target

201f42fefc3fe9ccb91d681c146f9b71.vbs
Size

6.2MB
Sample

241018-b6y4ysyhld
MD5

201f42fefc3fe9ccb91d681c146f9b71
SHA1

bff72444888b11c5b5d03eb407af7d2f88b49960
SHA256

b026259f2b7111c2f22846579fee6daf50b10a983eaa91d4e1f93c65d4887348
SHA512

9dc8d1a9ec32b3b54220f644ec85f173d98df1e16247e1f23556f348e546deebba7924cd2c7ddb692bfc39dd8dacbc84118287f8d94282192c91558c3726169d
SSDEEP

384:+555X555X555X555W555X555X555X555n555X555X555X555W555X555X555X55P:Y

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/J6uRjZrv

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

dcrat13.duckdns.org:3013

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  201f42fefc3fe9ccb91d681c146f9b71.vbs
- Size
  
  6.2MB
- MD5
  
  201f42fefc3fe9ccb91d681c146f9b71
- SHA1
  
  bff72444888b11c5b5d03eb407af7d2f88b49960
- SHA256
  
  b026259f2b7111c2f22846579fee6daf50b10a983eaa91d4e1f93c65d4887348
- SHA512
  
  9dc8d1a9ec32b3b54220f644ec85f173d98df1e16247e1f23556f348e546deebba7924cd2c7ddb692bfc39dd8dacbc84118287f8d94282192c91558c3726169d
- SSDEEP
  
  384:+555X555X555X555W555X555X555X555n555X555X555X555W555X555X555X55P:Y
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat