asyncrat | 68261a28c46b6107abe48b767a31c161c932a2371c64dfff49db820ec3b2e312 | Triage

Sharing

General

Target

asegurar.vbs
Size

2.6MB
Sample

241203-r42easvnaj
MD5

3c6884c4d3a5348a023bf408ea0f9715
SHA1

86f369b8381c094535e6c77af39609d556797bfe
SHA256

68261a28c46b6107abe48b767a31c161c932a2371c64dfff49db820ec3b2e312
SHA512

9e4ba2e50ffc6ae7d49ba0d77bf746c4ddcc139d1b3e20ee55c2ff403497046693cefaf8ec64a13a8eae74f95fbf288e12b1170b08ab50cd67e78fe6cfdbcfb1
SSDEEP

192:blLUdjoZvsBef7e3vtEMUETN9Bgdm6wVvl:cGb7SOE90m6w/

Score

10^/10

asyncrat tarea 2 discovery execution rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/Adv9gBHa

exe.dropper

https://pastebin.com/raw/Adv9gBHa

Extracted

Family

asyncrat

Version

1.0.7

Botnet

tarea 2

C2

02dic.duckdns.org:8000

Mutex

DcRatMutex_qwsafun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  asegurar.vbs
- Size
  
  2.6MB
- MD5
  
  3c6884c4d3a5348a023bf408ea0f9715
- SHA1
  
  86f369b8381c094535e6c77af39609d556797bfe
- SHA256
  
  68261a28c46b6107abe48b767a31c161c932a2371c64dfff49db820ec3b2e312
- SHA512
  
  9e4ba2e50ffc6ae7d49ba0d77bf746c4ddcc139d1b3e20ee55c2ff403497046693cefaf8ec64a13a8eae74f95fbf288e12b1170b08ab50cd67e78fe6cfdbcfb1
- SSDEEP
  
  192:blLUdjoZvsBef7e3vtEMUETN9Bgdm6wVvl:cGb7SOE90m6w/
Score

10^/10

execution asyncrat tarea 2 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrattarea 2discoveryexecutionrat