asyncrat | 752bb5f3c8ed70fd9fb166c23dd978e55e3a9e6ffee07eaf0ed6228fe3465e6a | Triage

Sharing

General

Target

S.zip
Size

148KB
Sample

250114-qa75baymes
MD5

b992bc362df3f6ec7c75bc48bcb15d56
SHA1

487448e03b9d499c57df745c63abd5312784d020
SHA256

752bb5f3c8ed70fd9fb166c23dd978e55e3a9e6ffee07eaf0ed6228fe3465e6a
SHA512

d95e48f52757a7ae1cc6c030cde6e184772027b5160c0937079a1024ec75209df11cffc0b3225e81405dd933e2651a042baf7e10cd1e65a4eb8085e30947079a
SSDEEP

3072:XyAuak16EZpC7AefyK/qBph5M5gW7zRZNhP93SnkoFyzyu71Kdr593iNFHK9lELG:X5ufsEZpLefLSzugW7Bt9CnkoDuxKYHU

Score

10^/10

asyncrat movefromloader discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

MoveFromLoader

C2

transfermone.dynuddns.com:9992

familyfriend.dynu.net:9992

Mutex

fgjfdghj45y6t435defsg3223523I#$%I@(@#$U@RJWEOJKROW

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  S.ps1
- Size
  
  706KB
- MD5
  
  373aa878a5ad94612f42d3728b1a1d27
- SHA1
  
  5106a85b484db9cc017dd31806012166321322cb
- SHA256
  
  4debdf415ed87c8f1861030788ddc601f22018344a7fa8a36dda60ffc9865034
- SHA512
  
  806e7ec64adfff5878bb1ea85dfb78516abb9de6548ee81b4f6e361e46aea756a97056a7519cd4c6fe54e8785cd75123f8807b8eb6c7c63810362cbdb4946a2d
- SSDEEP
  
  1536:PDnAsypbJ+L1yQzAfggjuoBAHMVpWzb3mCoPXhfsQpjnEq24d7U4Vq51ru2TPOWf:SEx
Score

10^/10

execution asyncrat movefromloader discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

movefromloaderasyncrat

behavioral1

behavioral2

asyncratmovefromloaderdiscoveryexecutionrat