asyncrat | ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d | Triage

Sharing

General

Target

ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d.ps1
Size

456KB
Sample

250128-n9qyzaxray
MD5

067e3f77fde1c988ac1d1413bafc29ae
SHA1

e2a17181441c1e573a47d7ef8c259bf9797be9e8
SHA256

ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d
SHA512

740bd6be6b4eaa189b596abd56eb9fc48b7c7c31b7fb6990ca27c2ee4e2174a9a1e95b4aca2415b4ae59a3b358cbe12b23a44e145fab4fe7b8cdf4a2d669427f
SSDEEP

1536:g9dW/z20+u4dXNR8WrlDnqIuH7FWRGPP3jU86lsWST+HxYfn8qgy5J+LLg7WMJV8:gzaGD

Score

10^/10

asyncrat 00000001 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

00000001

C2

81.10.39.58:7077

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d.ps1
- Size
  
  456KB
- MD5
  
  067e3f77fde1c988ac1d1413bafc29ae
- SHA1
  
  e2a17181441c1e573a47d7ef8c259bf9797be9e8
- SHA256
  
  ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d
- SHA512
  
  740bd6be6b4eaa189b596abd56eb9fc48b7c7c31b7fb6990ca27c2ee4e2174a9a1e95b4aca2415b4ae59a3b358cbe12b23a44e145fab4fe7b8cdf4a2d669427f
- SSDEEP
  
  1536:g9dW/z20+u4dXNR8WrlDnqIuH7FWRGPP3jU86lsWST+HxYfn8qgy5J+LLg7WMJV8:gzaGD
Score

10^/10

discovery execution asyncrat 00000001 rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

asyncrat00000001discoveryexecutionrat