asyncrat

General

Target

tmp_0tdvx_8
Size

258KB
Sample

241119-khhlqssemb
MD5

1e69645ce8569c4eb86bff0904ec709a
SHA1

872dbb62d85b8ff7ecc0543b2038410c7006daa4
SHA256

ddf531ca3e77535cc8218015b2b2eaf0f7f2cb7f8cad09d3cbaea3278481d538
SHA512

a893de4baf4bc86d2677a41598e5b45b2d4b6d092de4bd66c0283344bb2b8176f3c8aae757af8427fd8e6d03370bd127d8a32790e505b932560b2bc07812aa8a
SSDEEP

1536:ZtCvd/g9bzMf2IxlBXOA7W2+IFqHCRTGA:kd/g9bzMeIxlBeA7W2+IFqHCRT

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

27-07-2024

C2

127.0.0.1:6000

104.243.32.185:6000

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  tmp_0tdvx_8
- Size
  
  258KB
- MD5
  
  1e69645ce8569c4eb86bff0904ec709a
- SHA1
  
  872dbb62d85b8ff7ecc0543b2038410c7006daa4
- SHA256
  
  ddf531ca3e77535cc8218015b2b2eaf0f7f2cb7f8cad09d3cbaea3278481d538
- SHA512
  
  a893de4baf4bc86d2677a41598e5b45b2d4b6d092de4bd66c0283344bb2b8176f3c8aae757af8427fd8e6d03370bd127d8a32790e505b932560b2bc07812aa8a
- SSDEEP
  
  1536:ZtCvd/g9bzMf2IxlBXOA7W2+IFqHCRTGA:kd/g9bzMeIxlBeA7W2+IFqHCRT
Score

10^/10

asyncrat 27-07-2024 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2