asyncrat | 4d3342755a6622e79184acda622c1b9a4e49c962e99d0fb4ec2e52712648f1ed | Triage

Sharing

General

Target

5f4fa1e76daa53fca0dbd4c9fb67f36c_JaffaCakes118
Size

234KB
Sample

240520-qpj12ach71
MD5

5f4fa1e76daa53fca0dbd4c9fb67f36c
SHA1

77df08a040ff244821646d3edf5e7d353423585f
SHA256

4d3342755a6622e79184acda622c1b9a4e49c962e99d0fb4ec2e52712648f1ed
SHA512

0f2a41596033021d1c48daf4903b4dd24e2a7756c1fe2f57d5457cc5655293f322549237a8a0d4ebddda33e8aa47f6bb8f460deb38bd4cf841241a9ae587948f
SSDEEP

3072:kjx4Azy9BGS15TNfs72havim+jVlokCTlAUQOHrazWdUAuPBN79Bt34ycLgF4IY2:kjx4AzwHDUvejVlWAUbH+WwTpBt4yLFD

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.33.234.204:4784

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  5f4fa1e76daa53fca0dbd4c9fb67f36c_JaffaCakes118
- Size
  
  234KB
- MD5
  
  5f4fa1e76daa53fca0dbd4c9fb67f36c
- SHA1
  
  77df08a040ff244821646d3edf5e7d353423585f
- SHA256
  
  4d3342755a6622e79184acda622c1b9a4e49c962e99d0fb4ec2e52712648f1ed
- SHA512
  
  0f2a41596033021d1c48daf4903b4dd24e2a7756c1fe2f57d5457cc5655293f322549237a8a0d4ebddda33e8aa47f6bb8f460deb38bd4cf841241a9ae587948f
- SSDEEP
  
  3072:kjx4Azy9BGS15TNfs72havim+jVlokCTlAUQOHrazWdUAuPBN79Bt34ycLgF4IY2:kjx4AzwHDUvejVlWAUbH+WwTpBt4yLFD
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultpersistencerat

behavioral2

asyncratdefaultpersistencerat