asyncrat | fb0adc9c82a462297f7be357e0272b3b8d0f1af106580e7aa64f6108c40658ea | Triage

Sharing

General

Target

fb0adc9c82a462297f7be357e0272b3b8d0f1af106580e7aa64f6108c40658ea.ps1
Size

440KB
Sample

250127-vxnreazlgp
MD5

f405f22335b325746fc2c92892af92e9
SHA1

720b78fe3afb353d94271fc2255b629042432c6a
SHA256

fb0adc9c82a462297f7be357e0272b3b8d0f1af106580e7aa64f6108c40658ea
SHA512

1887a8de5cbd6a119ca77c250b36d9b965a704fb9ad75a363fc4cc67ed46f84bb3d63e0f2aab5f8bce539a21fca9cc9f517905ce26f40317770d33d7bbf91ab4
SSDEEP

1536:bkdW/z20+u4dXNR8WrlDn9lVYw7VM4kD2Fq5AGGzeQz4JnImgzP8RiPmHnClK+dr:beYw7Ev1P4RtluaB1

Score

10^/10

asyncrat fox_mado discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

Fox_Mado

Mutex

0000_000

Attributes

delay
3
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/r3hJ4btd

aes.plain

Targets

- Target
  
  fb0adc9c82a462297f7be357e0272b3b8d0f1af106580e7aa64f6108c40658ea.ps1
- Size
  
  440KB
- MD5
  
  f405f22335b325746fc2c92892af92e9
- SHA1
  
  720b78fe3afb353d94271fc2255b629042432c6a
- SHA256
  
  fb0adc9c82a462297f7be357e0272b3b8d0f1af106580e7aa64f6108c40658ea
- SHA512
  
  1887a8de5cbd6a119ca77c250b36d9b965a704fb9ad75a363fc4cc67ed46f84bb3d63e0f2aab5f8bce539a21fca9cc9f517905ce26f40317770d33d7bbf91ab4
- SSDEEP
  
  1536:bkdW/z20+u4dXNR8WrlDn9lVYw7VM4kD2Fq5AGGzeQz4JnImgzP8RiPmHnClK+dr:beYw7Ev1P4RtluaB1
Score

10^/10

discovery execution asyncrat fox_mado rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncratfox_madodiscoveryexecutionrat