asyncrat | 8d0eb91898ea8755985a9e77ff54d5a0594002c58cb8a2c0b45e4c05e3e4dccb | Triage

Sharing

General

Target

014f46936a5c013b91321a8278cea9b9.bin
Size

67KB
Sample

241018-bcn2wszclq
MD5

32adccd1202612df0c88caa52be70b76
SHA1

d6acc1b227c0f129c7788fc83897318b7d3894c4
SHA256

8d0eb91898ea8755985a9e77ff54d5a0594002c58cb8a2c0b45e4c05e3e4dccb
SHA512

77fbb1077c064a587da3f2d147f2b390c06a82c7d58e255a4d5269dca5ffaa6403ad82e6700f199b68e2d8df29f13ea16657598882f6e8d125f902d2ef6c4263
SSDEEP

1536:ItkbxRi3AhhGiI+lx25xnUuFFuW3lw1hMq0SiGQ32x0qYZY:IibxRi34GGx2jnUuF0W3lw1uqhiGcWz

Score

10^/10

asyncrat mado-marco discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

MADO-Marco

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/yWgaKKwH

aes.plain

Targets

- Target
  
  ea6776496baaaa60c2825e976eeec430330246f54ad0d09ba0b05f64c19eb9da.ps1
- Size
  
  440KB
- MD5
  
  014f46936a5c013b91321a8278cea9b9
- SHA1
  
  2be8ba3d4305a4abac91939e7baff191b0fe9173
- SHA256
  
  ea6776496baaaa60c2825e976eeec430330246f54ad0d09ba0b05f64c19eb9da
- SHA512
  
  93192da9d97f1d63d3e4e6287af0c1dd2b793af9b0b019d39116a384a1008a03d62daadfdcfbdeffa098581e630a39fb5145bd45020d90bf55955c284b96e781
- SSDEEP
  
  1536:wUdAHeDN4NDabDzuCO4dfk2/o8wKhqydCZFy07GOQnAW9xrH8LtndfP9wRpnRvLQ:woF0tUVK7muzD5P6qAhTiNXY9E
Score

10^/10

execution asyncrat mado-marco discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratmado-marcodiscoveryexecutionrat