asyncrat | 476dd6c64a2e5c0547956069693b4072929a9a264d05e0d7ade0ba784e22377d | Triage

Submit
Reports

Overview

overview

Static

static

3

b0f0683358...18.exe

windows7-x64

b0f0683358...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b0f0683358f3f66718dcdea684a959cc_JaffaCakes118
Size

1.3MB
Sample

240616-az85xasajc
MD5

b0f0683358f3f66718dcdea684a959cc
SHA1

f59c306fbc3129d09ba4e4ad8321c72a4858209c
SHA256

476dd6c64a2e5c0547956069693b4072929a9a264d05e0d7ade0ba784e22377d
SHA512

4635a3bb6f88fb9c8ece85e13510ecbc8b0f5e955ce234c23a70833c3a93398c96a8847e06c0913dbff01228b3198850b7f530e90095f0e91e2efc7cd8f6b36b
SSDEEP

24576:qQYf/Dlmx2Wm/49ghA0DB1uOXO9Kl6SdOnGGcJvS3KsDcz:n4LUV9kXDBXX2cVdOGG+ucz

Score

10^/10

asyncrat evasion rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b0f0683358f3f66718dcdea684a959cc_JaffaCakes118.exe

Resource

win7-20240221-en

asyncrat evasion rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b0f0683358f3f66718dcdea684a959cc_JaffaCakes118.exe

Resource

win10v2004-20240611-en

asyncrat evasion rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

Strekatun RAT

Mutex

13f-03018eb703b3

Attributes

delay
0
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/JuGEzR6N

aes.plain

Targets

- Target
  
  b0f0683358f3f66718dcdea684a959cc_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  b0f0683358f3f66718dcdea684a959cc
- SHA1
  
  f59c306fbc3129d09ba4e4ad8321c72a4858209c
- SHA256
  
  476dd6c64a2e5c0547956069693b4072929a9a264d05e0d7ade0ba784e22377d
- SHA512
  
  4635a3bb6f88fb9c8ece85e13510ecbc8b0f5e955ce234c23a70833c3a93398c96a8847e06c0913dbff01228b3198850b7f530e90095f0e91e2efc7cd8f6b36b
- SSDEEP
  
  24576:qQYf/Dlmx2Wm/49ghA0DB1uOXO9Kl6SdOnGGcJvS3KsDcz:n4LUV9kXDBXX2cVdOGG+ucz
Score

10^/10

asyncrat evasion rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratevasionrat

behavioral2

asyncratevasionrat

© 2018-2025

Terms | Privacy