General

  • Target

    1468_output.zip

  • Size

    53KB

  • Sample

    241222-yqhtcsxqan

  • MD5

    28c5085746688fba7ae4ef8583dad54c

  • SHA1

    936db97e1e241a405fcd9894d8985550ab2b9e71

  • SHA256

    f6931c3a5d043125d3c5d03a9000c0e0c096f044a9d860088192197ea15d8da4

  • SHA512

    1e0b3babfeb79aa7eb29ba6f141381a8a0bdf91bc0c4f5fd470b627ed763900ea93743e48cf486408d8a9f74018b3b7cbb896de2bb1aa92aa9d7706d542c017b

  • SSDEEP

    1536:W+YzlbLImhJD/FsvOaShVTO+xDs6OiW05qjlWOU:GlYmj/FsvchU4wPpjAOU

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

jt8iyre.localto.net:2101

jt8iyre.localto.net:55644

Mutex

AbAUwI3PK3e3

Attributes

  • delay

    3

  • install

    false

  • install_file

    winserve.exe

  • install_folder

    %AppData%

aes.plain
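The two C2 entries above share one hostname on two ports, and `install` is false, so `install_file` and `install_folder` describe a copy the sample is configured not to make. The following Python, added here as an example and not part of this report or of AsyncRAT, turns the extracted values into indicator sets and correlates them over a few constructed DNS and connection log lines: a lookup of the C2 host is recorded, and a later connection to the address it returned on one of the configured ports is flagged. The log format, the 203.0.113.x and 198.51.100.x addresses and the function names are assumptions made for illustration.

```python
import re
from typing import Dict, List

# Values copied from the extracted configuration in this report.
ASYNCRAT_CONFIG = {
    "c2": ["jt8iyre.localto.net:2101", "jt8iyre.localto.net:55644"],
    "mutex": "AbAUwI3PK3e3",
    "install": False,
    "install_file": "winserve.exe",
    "install_folder": "%AppData%",
}

def indicators(cfg: dict) -> Dict[str, object]:
    """Split the config into indicator sets. Each C2 entry is host:port; the
    same host appears with two ports, so hosts and ports are kept separate."""
    hosts, ports = set(), set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        hosts.add(host.lower())
        ports.add(int(port))
    return {
        "hosts": hosts,
        "ports": ports,
        "mutex": cfg["mutex"],
        # install=false: the sample is configured not to copy itself, so this
        # path is a low-confidence artefact to check, not a primary indicator.
        "install_path": cfg["install_folder"] + "\\" + cfg["install_file"],
        "install_expected": bool(cfg["install"]),
    }

# Constructed log lines in an assumed "dns ..." / "conn ..." format.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real C2 IPs.
LOG_LINES = [
    "2024-12-22T10:01:05Z dns query=jt8iyre.localto.net answer=203.0.113.10",
    "2024-12-22T10:01:06Z conn src=10.0.0.5:49211 dst=203.0.113.10:2101 proto=tcp",
    "2024-12-22T10:01:07Z conn src=10.0.0.5:49212 dst=198.51.100.7:443 proto=tcp",
    "2024-12-22T10:02:00Z conn src=10.0.0.6:50001 dst=203.0.113.10:55644 proto=tcp",
    "2024-12-22T10:03:00Z dns query=update.example.com answer=198.51.100.7",
]

DNS_RE = re.compile(r"dns query=(?P<q>\S+) answer=(?P<a>\S+)")
CONN_RE = re.compile(r"conn src=(?P<src>\S+) dst=(?P<dip>[\d.]+):(?P<dport>\d+)")

def correlate(lines: List[str], ind: dict) -> List[dict]:
    """Flag DNS lookups of a C2 host, then connections to the address that
    lookup returned on one of the configured ports. localto.net is a tunnel
    service, so the resolved IP is not stable on its own; the hostname plus
    port pair taken from the config is the durable indicator."""
    resolved: Dict[str, str] = {}  # ip -> C2 hostname seen in a DNS answer
    hits = []
    for line in lines:
        m = DNS_RE.search(line)
        if m and m.group("q").lower() in ind["hosts"]:
            resolved[m.group("a")] = m.group("q").lower()
            hits.append({"type": "dns", "host": m.group("q"), "ip": m.group("a"), "line": line})
            continue
        m = CONN_RE.search(line)
        if m and m.group("dip") in resolved and int(m.group("dport")) in ind["ports"]:
            hits.append({"type": "c2_conn", "host": resolved[m.group("dip")],
                         "src": m.group("src"),
                         "dst": m.group("dip") + ":" + m.group("dport"), "line": line})
    return hits

if __name__ == "__main__":
    ind = indicators(ASYNCRAT_CONFIG)
    for hit in correlate(LOG_LINES, ind):
        print(hit["type"], hit["host"], hit.get("src", ""), hit.get("ip") or hit["dst"])
    if not ind["install_expected"]:
        print("install=false: treat", ind["install_path"], "as low confidence")
```

The mutex is kept in the indicator set because it is the host-side artefact to check (a handle named AbAUwI3PK3e3 on a running system), while the connection rule deliberately requires both a DNS answer for the configured host and one of the two configured ports, since a match on port 2101 or 55644 alone would be far too noisy.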

Targets

    • Target

      7254_output.vbs

    • Size

      203KB

    • MD5

      02081ae0dbab5cbb3ba6fb3d316bb850

    • SHA1

      0b422b950e717427ec53709384b214433871f78b

    • SHA256

      f93f8db130adb1cb891c6a8591d1c2f518a4ba3d5aed98d1e7b530030b0297bb

    • SHA512

      7ae8c0859f25c7cecaa0be83d5ac99d20bde7287ef1f49ddd3114d4683c8ec05a2947f0c0d27b62ea5b4b0764d6ae0a104ffa7d6d84a46b1bd0ecb1eac9d718d

    • SSDEEP

      1536:abfH0KjxZkPuIqVvsPX9ZvPcL6pVIxQz4EEmgEUUQt7xLVCf:a7H0KjYSds/9ZXCnjIK7pV2

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory
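Hidden-window PowerShell is easy to miss when a rule looks only for the literal "-WindowStyle Hidden", because powershell.exe accepts abbreviated switch names such as -w or -win. The following Python, added here as an example and not part of this report, checks constructed Sysmon process-creation records (Image, ParentImage, CommandLine) for PowerShell started with a hidden window and reports the other evasion-oriented switches seen alongside it. The record contents, the minimum-abbreviation table and the script-host parent heuristic are assumptions; nothing is taken from this sample's actual command line, which the report does not show.

```python
import re
from typing import Dict, List, Optional

# Full switch name -> shortest prefix powershell.exe accepts for it. powershell.exe
# matches switches by prefix (-w, -win and -WindowStyle all mean WindowStyle), so
# a rule that looks only for the literal "-WindowStyle Hidden" misses launches.
# The minimum abbreviations are this example's assumption about the console
# host's parser, not a specification.
SWITCHES = {
    "windowstyle": "w",
    "noprofile": "nop",
    "noninteractive": "noni",
    "executionpolicy": "ex",
    "encodedcommand": "e",
}
ALIASES = {"ep": "executionpolicy", "ec": "encodedcommand"}
VALUED = {"windowstyle", "executionpolicy", "encodedcommand"}  # switches that take a value
PS_IMAGES = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}    # parent heuristic (assumed)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

def canonical_switch(token: str) -> Optional[str]:
    """Map '-win', '/NoP', '-ep' and similar to the full switch name, or None."""
    if not token or token[0] not in "-/":
        return None
    key = token.lstrip("-/").lower()
    if key in ALIASES:
        return ALIASES[key]
    for name, shortest in SWITCHES.items():
        if name.startswith(key) and key.startswith(shortest):
            return name
    return None

def analyse(cmdline: str) -> Dict[str, object]:
    """Parse a PowerShell command line into the switches it uses and decide
    whether the window is hidden: 'hidden' or the numeric 1, which is the
    value of ProcessWindowStyle.Hidden."""
    tokens = TOKEN_RE.findall(cmdline)
    switches: Dict[str, object] = {}
    for i, tok in enumerate(tokens):
        name = canonical_switch(tok)
        if name is None:
            continue
        if name in VALUED and i + 1 < len(tokens):
            switches[name] = tokens[i + 1].strip('"')
        else:
            switches[name] = True
    hidden = str(switches.get("windowstyle", "")).lower() in ("hidden", "1")
    return {"hidden": hidden, "switches": switches}

def detect(events: List[dict]) -> List[dict]:
    """Flag PowerShell launches with a hidden window (ATT&CK T1059.001) and
    score them by the other evasion-oriented switches and the parent image."""
    findings = []
    for ev in events:
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        if image not in PS_IMAGES:
            continue
        info = analyse(ev["CommandLine"])
        if not info["hidden"]:
            continue
        parent = ev.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
        score = len(info["switches"]) + (1 if parent in SCRIPT_HOSTS else 0)
        findings.append({
            "technique": "T1059.001",
            "image": image,
            "parent": parent,
            "switches": sorted(info["switches"]),
            "score": score,
            "cmdline": ev["CommandLine"],
        })
    return findings

# Constructed Sysmon Event ID 1 style records; none come from this sample.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"Image": PS, "ParentImage": "C:\\Windows\\System32\\wscript.exe",
     "CommandLine": 'powershell.exe -w hidden -nop -ep bypass -c "& {Get-Date}"'},
    {"Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -WindowStyle Hidden -NoProfile -EncodedCommand RwBlAHQALQBEAGEAdABlAA=="},
    {"Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "pwsh.exe -w 1 -noni -c Get-Process"},
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f["score"], f["parent"], "->", f["image"], f["switches"])
```

The benign inventory script in the third record is not flagged because it never hides its window; the hidden-window condition is the gate, and the remaining switches only raise the score of launches that already pass it.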

MITRE ATT&CK Enterprise v15

Tasks