General

  • Target

    63vN2.txt

  • Size

    533B

  • Sample

    240705-w4bk4avgra

  • MD5

    dc087d53594631d1aaa5a22d4b98029f

  • SHA1

    3c3889c1aa260c8a6cbc203880d9a436304172bf

  • SHA256

    c46404289e1d370b7f1c7d90301db7f2e9a3827e02b00d44a4a1dd557f5a2f1b

  • SHA512

    fbb311d639876b55edb0a7d5e0bc967f15b7f3f87211ba28f66079a7ec6adb1f04de19682661efaeb74f7a67691482c974dd505ecb8f2a4944222c81b7a0341f

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://212.70.149.205:2020/c.jpg

Extracted

  • Family

    asyncrat

  • Version

    Xchallenger | 3Losh

  • Botnet

    Default

  • C2

    s1mpl3.simple-url.com:6606
    s1mpl3.simple-url.com:7707
    s1mpl3.simple-url.com:8808

  • Mutex

    AsyncMutex_aloshx

  • Attributes

    • delay: 3
    • install: false
    • install_folder: %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (1) T1059

  • PowerShell (1) T1059.001

Discovery

  • Query Registry (2) T1012

  • System Information Discovery (2) T1082

Tasks