asyncrat | 0d7514389c3b6575c145ae81504baf30e1697953398d67e1b9cdd93c988f86f3 | Triage

Sharing

General

Target

0d7514389c3b6575c145ae81504baf30e1697953398d67e1b9cdd93c988f86f3.ps1
Size

453KB
Sample

250128-qh8qtazkfy
MD5

79fb1495a4971c693fe5b76f67eb8ee6
SHA1

449f323d5e86b28bc2ab67cad5c1b0694bbfa49f
SHA256

0d7514389c3b6575c145ae81504baf30e1697953398d67e1b9cdd93c988f86f3
SHA512

bbaa07457a5d120b08b1bafd9562d32d4b54f379174266843ef8fa8262bd9f2bb4eca91e003892bd73f76ee0398e174afd8ae8600708130b22caf0f622f5c1f9
SSDEEP

1536:zgqdW/z20+u4dXNR8WrlDnyDT2ybMVwO8zNdEunygsmj+oN8NGHbEh4WMx+m6y30:zWE+NPVFL2bUCUrNlKomLJVlCsspHG

Score

10^/10

asyncrat 00000001 discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

00000001

C2

81.10.39.58:7077

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  0d7514389c3b6575c145ae81504baf30e1697953398d67e1b9cdd93c988f86f3.ps1
- Size
  
  453KB
- MD5
  
  79fb1495a4971c693fe5b76f67eb8ee6
- SHA1
  
  449f323d5e86b28bc2ab67cad5c1b0694bbfa49f
- SHA256
  
  0d7514389c3b6575c145ae81504baf30e1697953398d67e1b9cdd93c988f86f3
- SHA512
  
  bbaa07457a5d120b08b1bafd9562d32d4b54f379174266843ef8fa8262bd9f2bb4eca91e003892bd73f76ee0398e174afd8ae8600708130b22caf0f622f5c1f9
- SSDEEP
  
  1536:zgqdW/z20+u4dXNR8WrlDnyDT2ybMVwO8zNdEunygsmj+oN8NGHbEh4WMx+m6y30:zWE+NPVFL2bUCUrNlKomLJVlCsspHG
Score

10^/10

execution asyncrat 00000001 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrat00000001discoveryexecutionrat