asyncrat | 182336fabdfbf5c8ef27830c1ded8137aaedf6f1f23d6786012ba9a7b4b1c372 | Triage

Sharing

General

Target

BrowserCookies.ps1
Size

1.4MB
Sample

250122-l4yera1qgm
MD5

85d801888c83fea08767b5598ea125fb
SHA1

5e836f4a4eddb093e74b314e1048086601b87aae
SHA256

182336fabdfbf5c8ef27830c1ded8137aaedf6f1f23d6786012ba9a7b4b1c372
SHA512

c4121fba26eb2bc0a1819ed6f07e87c5a1957c314ce07a837445788bd7a3e6b6a26cc347915a06f97b5892d95c608c0c9cc86f6d77d67225fbe5aa21da50cbec
SSDEEP

6144:FVy9n8urg/OLz+MNJDzO3gyCAb2eJto8j6iZT8JkcgEcLn6jgndB47mJwKyR7qW6:uO3g5tE6YCegnxBtE5Jb6NfFsAkOHwn

Score

10^/10

asyncrat xxxx_sender_xxxx discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

XXxx_Sender_xxXX

C2

sendandendco.dynu.net:1967

Mutex

A@@@s#ncMutex_6Sxx@@@I8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  BrowserCookies.ps1
- Size
  
  1.4MB
- MD5
  
  85d801888c83fea08767b5598ea125fb
- SHA1
  
  5e836f4a4eddb093e74b314e1048086601b87aae
- SHA256
  
  182336fabdfbf5c8ef27830c1ded8137aaedf6f1f23d6786012ba9a7b4b1c372
- SHA512
  
  c4121fba26eb2bc0a1819ed6f07e87c5a1957c314ce07a837445788bd7a3e6b6a26cc347915a06f97b5892d95c608c0c9cc86f6d77d67225fbe5aa21da50cbec
- SSDEEP
  
  6144:FVy9n8urg/OLz+MNJDzO3gyCAb2eJto8j6iZT8JkcgEcLn6jgndB47mJwKyR7qW6:uO3g5tE6YCegnxBtE5Jb6NfFsAkOHwn
Score

10^/10

execution asyncrat xxxx_sender_xxxx discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratxxxx_sender_xxxxdiscoveryexecutionrat