asyncrat | cc3142e5a57ed925b842b9518b73dd50bf2e670ca954cffcec931adaf2c7f943 | Triage

Sharing

General

Target

cc3142e5a57ed925b842b9518b73dd50bf2e670ca954cffcec931adaf2c7f943.wsf
Size

259KB
Sample

250128-n939asxrct
MD5

79615b779cd90313367de9f6b05eb87e
SHA1

d4b2b0caffacb205898c6590eb28840933535d97
SHA256

cc3142e5a57ed925b842b9518b73dd50bf2e670ca954cffcec931adaf2c7f943
SHA512

b07ab709a4431031f7e2e939ff82572accb8bbe6464479c8e9bfc399aec7da233c21f901d9a8d952fe077486c579b1de0d24f1632f96ec1ba39b81f6736fb9db
SSDEEP

3072:6XGxpnyPWD4v6V2BBGKBukGl4a3j3iFNj6pWFAc8ytiO8ywbv7r3SopyPCEXQkPK:Rt5M6c/n1x/rzAcfqys28Eq59CY

Score

10^/10

asyncrat 00000001 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

00000001

C2

81.10.39.58:7077

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  cc3142e5a57ed925b842b9518b73dd50bf2e670ca954cffcec931adaf2c7f943.wsf
- Size
  
  259KB
- MD5
  
  79615b779cd90313367de9f6b05eb87e
- SHA1
  
  d4b2b0caffacb205898c6590eb28840933535d97
- SHA256
  
  cc3142e5a57ed925b842b9518b73dd50bf2e670ca954cffcec931adaf2c7f943
- SHA512
  
  b07ab709a4431031f7e2e939ff82572accb8bbe6464479c8e9bfc399aec7da233c21f901d9a8d952fe077486c579b1de0d24f1632f96ec1ba39b81f6736fb9db
- SSDEEP
  
  3072:6XGxpnyPWD4v6V2BBGKBukGl4a3j3iFNj6pWFAc8ytiO8ywbv7r3SopyPCEXQkPK:Rt5M6c/n1x/rzAcfqys28Eq59CY
Score

10^/10

execution asyncrat 00000001 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrat00000001discoveryexecutionrat