asyncrat | 900562963720c7166432d768ff224b76b12a39b76ffe97b7c1dc33df2fa43e9e

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f400501648b23a2b8d4ebee2397aefd3_JaffaCakes118.exe
Size

62KB
MD5

f400501648b23a2b8d4ebee2397aefd3
SHA1

91aed0ebaacab2f4c1cadda6f716be34b5dbecb9
SHA256

900562963720c7166432d768ff224b76b12a39b76ffe97b7c1dc33df2fa43e9e
SHA512

78311b315859ff5d210f741b59ce2efcea56fdcd9a3d083278d21231813c598bd56919d20c7e4fd3114ba2166975819fdd55803a538d07a0d01d00b71cf65d90
SSDEEP

1536:crfyLyIHJH4tdmtU2bGVHdC2ByPg/kVccsoyOO:crfBIB4tct9bGVHE2MM6Pso0

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

ntlplaast11.duckdns.org:6606

ntlplaast11.duckdns.org:7707

ntlplaast11.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral2/memory/1424-3-0x0000000003180000-0x0000000003192000-memory.dmp	family_asyncrat

C:\Users\Admin\AppData\Local\Temp\f400501648b23a2b8d4ebee2397aefd3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f400501648b23a2b8d4ebee2397aefd3_JaffaCakes118.exe"
1⤵
PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1424-0-0x0000000000DC0000-0x0000000000DD6000-memory.dmp

Filesize
88KB

Download
memory/1424-1-0x0000000074630000-0x0000000074DE0000-memory.dmp

Filesize
7.7MB

Download
memory/1424-2-0x00000000057C0000-0x000000000585C000-memory.dmp

Filesize
624KB

Download
memory/1424-3-0x0000000003180000-0x0000000003192000-memory.dmp

Filesize
72KB

Download
memory/1424-4-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/1424-5-0x0000000074630000-0x0000000074DE0000-memory.dmp

Filesize
7.7MB

Download
memory/1424-6-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download