asyncrat | 33d0bc76fa1c09fe48e29f19ffd56325f1b435c4eac6c81ae7bd2ae26ab7444e | Triage

Sharing

General

Target

temp.zip
Size

1.8MB
Sample

250225-v52y1azjw6
MD5

c8971dd40c1401887a2df4410e888774
SHA1

1af1c487ca21a123533a3b4281394287e524c64f
SHA256

33d0bc76fa1c09fe48e29f19ffd56325f1b435c4eac6c81ae7bd2ae26ab7444e
SHA512

ee01eea746b90ca92776b667be43d1c8976afac9c40eaf5d3d915a75b6d3bd78befc4ed121c3d05c69e17c1667086b190d792ed37c347a93bd5068d8316fe5c0
SSDEEP

49152:Ooc5yTO+WoipAv+1VGgFDibQPZ27miMweVL16h1ExR:OocSiAv+egYbvQVL16bwR

Score

10^/10

asyncrat default discovery macos rat

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

Default

C2

llechematerna02.kozow.com:7575

Mutex

AsyncMutex_alosh

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  archivo.exe
- Size
  
  1.3MB
- MD5
  
  240a6bf157e337dea52e7bf5a27f1cb8
- SHA1
  
  2773987e599d7b37e3848fadfd114b5cef35dc37
- SHA256
  
  06d02c153a476e7f2487b757c7c63685c3abd38b406acc598ad9fb76a4fb99c8
- SHA512
  
  c565881c347b9770cbbf183e50fa816a97a50601d4a537914c90d06e8eea790c8946062df1f86e0a764572c6afb0c2f01ee238ec2976aafc44f9bdfb25a583e8
- SSDEEP
  
  24576:YS+jvg5q5Dl0+FzYWWI5H4R09Y3h2OsDStIRWziIvH4Rh:YS+jvbDO6zDRUiah2OsDStI8JO
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  mozglue.dll
- Size
  
  702KB
- MD5
  
  cf4575844b6dd4738ba26bbcda9d6a7d
- SHA1
  
  cdc88db183e6c6f4ac7946587246b330ce732c40
- SHA256
  
  0bc51044bfa3f9ff1aa06e340effa60b1a08540a87b134e27be051f0711400cc
- SHA512
  
  7f2126b553d26cbe10dac31ade3b1bb73ed50673bd9764565ddb34d21f39c5965a9f20234845384826d8c73e25491a323c3aeb280b993f707945af6d7327b831
- SSDEEP
  
  12288:4VIz+nfLITIljoeTJLLYTOU/fyXFZUyAQfOjwMk+GlF3ryrRrA1RtPiY/:4xnfMklMqAOUSXTUyAYONmlFGrRrA1RL
Score

1^/10
behavioral3 behavioral4
- Target
  
  msvcp140.dll
- Size
  
  574KB
- MD5
  
  e82a9818d8caf6c4ca3536bfce5b5650
- SHA1
  
  cc2113788421cc90988f21a004b7aaa717232a8c
- SHA256
  
  202d7f06e3d4f4fa188832e131664846979c0c81ffa86f91728431addffafbfb
- SHA512
  
  416c21778acab86527e9f3f237e22bafaaf1031ce28facf913d143c99c5c57ee0f13771db785e7378031f16643655d5233a5cc7ef10f41b764a039167fb65095
- SSDEEP
  
  12288:Qbxu4DawI5n+BOJAc/FTo8cWojFjM0TvH9Dfd2AtluP+QEKZm+jWodEEVGU:Q3lfl1QEKZm+jWodEEkU
Score

1^/10
behavioral5 behavioral6
- Target
  
  paillette.dmg
- Size
  
  71KB
- MD5
  
  1962a5ca05e4082e9ff7d3f2d957fc0a
- SHA1
  
  936fbbf7d103ab184bdfbc1f2036f7ce7f49b079
- SHA256
  
  37d9d1ab2122d92ca5d8d8c40dcfa52a1127b759cbb3b81b479a2c07d74882ae
- SHA512
  
  5c72b48c54fa9a6e90c317a5b7b6fcbb2d8da506f0be2601d3e57f1131eb914e34aec944caa350d79782f9db21994e00e304759ee858aefc1d81a6f78951a153
- SSDEEP
  
  1536:wRrM2bVWjJHHc3kPzgGCIvfN7vC6HCSTwIkDOdUcMc:srMi8zgGCIvJvC6DTw1c
Score

1^/10
behavioral7
- Target
  
  vcruntime140.dll
- Size
  
  115KB
- MD5
  
  bb36d85252327ebddde71686429f1c3a
- SHA1
  
  febf6d0c478a170fa20a8bdecc24cb1e30a35521
- SHA256
  
  4d90b1c669b3a93d33ca62f4c7374a3fe32a2a3dccb46f7378ee2100d7e335b8
- SHA512
  
  e5e139c07cfd0aa0606baec947924ba319cce09155f215560d1749a9db21d68e8209902fc52eede4900ecd9d7c93c79b2c6ae2133dfa500c2371a94b61f3009b
- SSDEEP
  
  3072:fV3iC0h9q4v6XjKwoecbq8qBTSJ/e+1cR:f0C0h97cmZecbq8Q6C
Score

1^/10
behavioral8 behavioral9
- Target
  
  vcruntime140_1.dll
- Size
  
  56KB
- MD5
  
  13995cf2f33dcc1ed0726f36f40c1fff
- SHA1
  
  cf3a15d1a44eb44b364ac5d60e8404c2be190d3b
- SHA256
  
  4cf017f49d5d8d894ac09535e1473a54380422db08e0c9bd06b55ff723e49a5e
- SHA512
  
  8e46959c190f02a221b9d2f5e179c8cf2d98350039145bf3913be41511abc46a18516772a21c8eb0564f6a5c28e5f25e95ee71459cbd8a2f9c5938992f199296
- SSDEEP
  
  1536:HvGS8fZ1esJw4dz0XbcJ5heB/maB+d8zuK/:wfZ1bJwoz2B/Yab
Score

1^/10
behavioral10 behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11