asyncrat | 8bf17c54ff96f81771b6bd7201d1ccdbd930eec93c4070a9e497f9ed9d8a866a | Triage

Sharing

General

Target

8bf17c54ff96f81771b6bd7201d1ccdbd930eec93c4070a9e497f9ed9d8a866a.cmd
Size

5KB
Sample

250222-e7k59symdr
MD5

346f4cbc345012136a9b5d4bfae3c11a
SHA1

6513cf27544946827184cfbf874cf7878aa15aa4
SHA256

8bf17c54ff96f81771b6bd7201d1ccdbd930eec93c4070a9e497f9ed9d8a866a
SHA512

e6b7cca8153d778546ef511dcbe9efef55058e905552724fee5ec9287be5e9c568534975c1c49fbd9972005c1afb647d259fd5b0f762a2c391385f1cb31e4500
SSDEEP

96:PjDPunTNx9TDmGU8OskGh1UF8dB2yVmnzs1sWVPBQetXTXjrC7pUjTioU47aLjLN:vunTNvph8+qz8qpkOqOjLqQOE9B

Score

10^/10

asyncrat rrrrr discovery execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

Xchallenger | 3Losh

Botnet

RRRRR

C2

ftdx.camdvr.org:7707

Mutex

AsyncMutex_aloxcmkme

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  8bf17c54ff96f81771b6bd7201d1ccdbd930eec93c4070a9e497f9ed9d8a866a.cmd
- Size
  
  5KB
- MD5
  
  346f4cbc345012136a9b5d4bfae3c11a
- SHA1
  
  6513cf27544946827184cfbf874cf7878aa15aa4
- SHA256
  
  8bf17c54ff96f81771b6bd7201d1ccdbd930eec93c4070a9e497f9ed9d8a866a
- SHA512
  
  e6b7cca8153d778546ef511dcbe9efef55058e905552724fee5ec9287be5e9c568534975c1c49fbd9972005c1afb647d259fd5b0f762a2c391385f1cb31e4500
- SSDEEP
  
  96:PjDPunTNx9TDmGU8OskGh1UF8dB2yVmnzs1sWVPBQetXTXjrC7pUjTioU47aLjLN:vunTNvph8+qz8qpkOqOjLqQOE9B
Score

10^/10

execution asyncrat rrrrr discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratrrrrrdiscoveryexecutionpersistencerat