asyncrat | 2a08ea90518aa5b6f42d1ffa9632584fabe46dacc993732ac9776a71b9ac8acd | Triage

Sharing

General

Target

WWjjNTGdMh.vbs
Size

12KB
Sample

241019-h4cw9stekc
MD5

75f80ac848e2c5c71c5fc4960da7a430
SHA1

abcd9316f8a1251220db81d4d075ae659a0fb790
SHA256

2a08ea90518aa5b6f42d1ffa9632584fabe46dacc993732ac9776a71b9ac8acd
SHA512

af4db86a398ac31f3b7d909ed62c8ea6b3672db933deadf32ae74e3dac581816372bfb0fc113f5b1aab462291d560516cadd52c655eebd79b7f639467c2c0ce1
SSDEEP

48:UvvvvvvvvvvviddddddddddFP5+31HtwLhLtz/zzUSAzzzzzzzzzzzzzzzzzzzze:UvvvvvvvvvvviddddddddddZagKoJ

Score

10^/10

asyncrat kk_______discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

kk_______

C2

helpher.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  WWjjNTGdMh.vbs
- Size
  
  12KB
- MD5
  
  75f80ac848e2c5c71c5fc4960da7a430
- SHA1
  
  abcd9316f8a1251220db81d4d075ae659a0fb790
- SHA256
  
  2a08ea90518aa5b6f42d1ffa9632584fabe46dacc993732ac9776a71b9ac8acd
- SHA512
  
  af4db86a398ac31f3b7d909ed62c8ea6b3672db933deadf32ae74e3dac581816372bfb0fc113f5b1aab462291d560516cadd52c655eebd79b7f639467c2c0ce1
- SSDEEP
  
  48:UvvvvvvvvvvviddddddddddFP5+31HtwLhLtz/zzUSAzzzzzzzzzzzzzzzzzzzze:UvvvvvvvvvvviddddddddddZagKoJ
Score

10^/10

execution asyncrat kk_______discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratkk_______discoveryexecutionrat