asyncrat

General

Target

52f2c8892f84d4af8acfd4c171c3e862_JaffaCakes118
Size

285KB
Sample

240518-elrqxsbb69
MD5

52f2c8892f84d4af8acfd4c171c3e862
SHA1

e12d8fa867705204dceb4bc0a18b724aa8c03d19
SHA256

9f7b003e61866ce2d53e7855e7682d1304408afc77ef78de9f50ce1a9d52d5a6
SHA512

2061447b2cea62cfdb469a44d5cb0867abe73a27b43ea2b7f93b2842c1c5a75f2c140ce24048351ddfb97973b9ad9d959d0923f87236d6c30228289db0fffad3
SSDEEP

6144:Jbnf927KNYDcN9QSzzM9rzGzmXHK5RsURdMREHzmm4z6S/O41S3:dVQD09QB9vnXq5RplOOS/FS

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

193.161.193.99:6606

193.161.193.99:7707

193.161.193.99:8808

193.161.193.99:2222

193.161.193.99:25334

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
WinTemporaryFiles32.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  52f2c8892f84d4af8acfd4c171c3e862_JaffaCakes118
- Size
  
  285KB
- MD5
  
  52f2c8892f84d4af8acfd4c171c3e862
- SHA1
  
  e12d8fa867705204dceb4bc0a18b724aa8c03d19
- SHA256
  
  9f7b003e61866ce2d53e7855e7682d1304408afc77ef78de9f50ce1a9d52d5a6
- SHA512
  
  2061447b2cea62cfdb469a44d5cb0867abe73a27b43ea2b7f93b2842c1c5a75f2c140ce24048351ddfb97973b9ad9d959d0923f87236d6c30228289db0fffad3
- SSDEEP
  
  6144:Jbnf927KNYDcN9QSzzM9rzGzmXHK5RsURdMREHzmm4z6S/O41S3:dVQD09QB9vnXq5RplOOS/FS
Score

10^/10

asyncrat rat default
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Executes dropped EXE

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2