asyncrat | b38757aa0b8ec7db067a07aacdac1a0fa553f2975bd6ba0c2e4e68697706042a | Triage

Sharing

General

Target

Windows Connection.js
Size

500KB
Sample

241126-26311svkcs
MD5

b40b62a193d094576ae47a756471e21c
SHA1

95234c51ca91c1274fcb0566e2bdfeef82e87d0c
SHA256

b38757aa0b8ec7db067a07aacdac1a0fa553f2975bd6ba0c2e4e68697706042a
SHA512

0bd272ba17d7c7130cdacaaeb39fa6b45e253b09e2ed0bb2b1f77638227a781067a8db75355815b28b4c2642a4c316d22ee7c82d32a60ac767045a8a28914792
SSDEEP

6144:9HClO5Fr4uLhK4XJoNHV/NJ5GBqXddVPBH2mif/o3mSinBk:94ur4ulCHV/L8stbkginBk

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

Xchallenger | 3Losh

Botnet

Default

C2

finityhomeplat.com:6677

Mutex

52533835-12f7-44eb-b39a-8284a4f2aa84

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Windows Connection.js
- Size
  
  500KB
- MD5
  
  b40b62a193d094576ae47a756471e21c
- SHA1
  
  95234c51ca91c1274fcb0566e2bdfeef82e87d0c
- SHA256
  
  b38757aa0b8ec7db067a07aacdac1a0fa553f2975bd6ba0c2e4e68697706042a
- SHA512
  
  0bd272ba17d7c7130cdacaaeb39fa6b45e253b09e2ed0bb2b1f77638227a781067a8db75355815b28b4c2642a4c316d22ee7c82d32a60ac767045a8a28914792
- SSDEEP
  
  6144:9HClO5Fr4uLhK4XJoNHV/NJ5GBqXddVPBH2mif/o3mSinBk:94ur4ulCHV/L8stbkginBk
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat