asyncrat

General

Target

uPh2C
Size

58KB
Sample

241120-sz5ftstkeq
MD5

705e54950f28c565dbe4818eb2be7423
SHA1

19ff36dbb676a64197e0a645adf317d2b9cc17d3
SHA256

0844465dfa8bb241f452c320bc6caf6cec645b461dbcd468a2afc9dc900e595c
SHA512

cc9b21272ba9a2fa038a82c8206303575ce9374f1275b9c394407828c475789616e914befecf58e25c94d451fa92d5a313a611188516b4120015846dac56288f
SSDEEP

1536:a0vDHXpEjO9Xwq2Sk6e2Nhxdd5pdLv+l/4QmuWOMP3HXpEjO9Xwq2Sk6e2Nhxddi:aoDHXp+q62Nhxdd5pdq61HXp+q62Nhx6

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f

exe.dropper

https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f

Extracted

Family

asyncrat

Version

1.0.7

Botnet

1

C2

148.113.165.11:3236

Mutex

asassassas

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  uPh2C
- Size
  
  58KB
- MD5
  
  705e54950f28c565dbe4818eb2be7423
- SHA1
  
  19ff36dbb676a64197e0a645adf317d2b9cc17d3
- SHA256
  
  0844465dfa8bb241f452c320bc6caf6cec645b461dbcd468a2afc9dc900e595c
- SHA512
  
  cc9b21272ba9a2fa038a82c8206303575ce9374f1275b9c394407828c475789616e914befecf58e25c94d451fa92d5a313a611188516b4120015846dac56288f
- SSDEEP
  
  1536:a0vDHXpEjO9Xwq2Sk6e2Nhxdd5pdLv+l/4QmuWOMP3HXpEjO9Xwq2Sk6e2Nhxddi:aoDHXp+q62Nhxdd5pdq61HXp+q62Nhx6
Score

10^/10

execution asyncrat 1 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2