asyncrat | 496146365c8463d0e5d895c076dec36cd70968464dbfec8d64cb37c89eb9d6b7 | Triage

Sharing

General

Target

54f84a84ab82ddaed70a70e07f0c9883_JaffaCakes118
Size

296KB
Sample

240518-qwe1nadh5v
MD5

54f84a84ab82ddaed70a70e07f0c9883
SHA1

4d3daa52ca703f1cd40ac00a129bce75931b6e09
SHA256

496146365c8463d0e5d895c076dec36cd70968464dbfec8d64cb37c89eb9d6b7
SHA512

151a732d2ff8df21f72d275f02911ed8902260a488de19e1a72a8f7b4c774cdb9537798b83b566d1d7f69eeae3cc442ac31ffb9040680a4dfee330e26c458970
SSDEEP

6144:mnXmnnmWv3wrGFF2uaKzgJcG+vbx/3GJ4ChPw4B2udVGgLY:mn2nmczhycpvbx/GSI4QpLY

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

54.75.82.184:7206

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  sample
- Size
  
  407KB
- MD5
  
  3de308db811bdd3781a51a313d6d179f
- SHA1
  
  0118e47f8bd38d3ed43cfed441f7047938490cf8
- SHA256
  
  7778fbb8ef5a6e0948d5135dc4dc9136cb16a56d6ac933f72ae66aef7151d989
- SHA512
  
  07a1b4f088b4aef42eed545b2f836d1a1f97a418e532ef69d4b68e1a8fa9cf9b8fa1dbf97c8fa9b9a9230555a2193881d746f529ef17ddc6b65d499d09100b49
- SSDEEP
  
  6144:jRwuOnmWW0hQAYRc0ZL8uOQIbY7aSzHA39GMQNe5TdjXmGWpWX2/iE:+mX0fYW0ZLxZGY7aSMsLNeBVmrj
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2

asyncratdefaultpersistencerat