asyncrat | aaa6ce4a562812d150ebecc689eef415002cd1f888b15d9665f8902e9a0fc98f | Triage

Sharing

General

Target

aaa6ce4a562812d150ebecc689eef415002cd1f888b15d9665f8902e9a0fc98f.ps1
Size

170KB
Sample

250128-n9qyzaxraz
MD5

cfd94b2da283627c433fe52c72862d67
SHA1

a2ac50311b73c23dc20c7f6b513849b8a726da96
SHA256

aaa6ce4a562812d150ebecc689eef415002cd1f888b15d9665f8902e9a0fc98f
SHA512

4de5f67dd71446f1f8423475b7f41b87fad449c180fc3c9f662a2e3b1e0c10b810a924dbf5ba66f7ceb663a6087e74f2dc4f10b462d1080c5342ac0c44bb3b9d
SSDEEP

3072:eQoHePbWgLgPG0WYRYwNWprNONXT+jGt6yjcL8hDcseHcTt6tPgzGJVEj:eRHePbWgLYnRYwNWprNONX6Ct6q

Score

10^/10

asyncrat 00000001 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

00000001

C2

81.10.39.58:7077

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  aaa6ce4a562812d150ebecc689eef415002cd1f888b15d9665f8902e9a0fc98f.ps1
- Size
  
  170KB
- MD5
  
  cfd94b2da283627c433fe52c72862d67
- SHA1
  
  a2ac50311b73c23dc20c7f6b513849b8a726da96
- SHA256
  
  aaa6ce4a562812d150ebecc689eef415002cd1f888b15d9665f8902e9a0fc98f
- SHA512
  
  4de5f67dd71446f1f8423475b7f41b87fad449c180fc3c9f662a2e3b1e0c10b810a924dbf5ba66f7ceb663a6087e74f2dc4f10b462d1080c5342ac0c44bb3b9d
- SSDEEP
  
  3072:eQoHePbWgLgPG0WYRYwNWprNONXT+jGt6yjcL8hDcseHcTt6tPgzGJVEj:eRHePbWgLYnRYwNWprNONX6Ct6q
Score

10^/10

execution asyncrat 00000001 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrat00000001discoveryexecutionrat