asyncrat | 22cab462a857158b170376f73d28154d7337f9379e84695875be62e178c5597c

Analysis

max time kernel
135s
max time network
148s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe
Size

987KB
MD5

2bad27a37d32b4235aac6fcdf74b4306
SHA1

8b2b15c01b1e54be6396af46ab3b59fee67f5148
SHA256

22cab462a857158b170376f73d28154d7337f9379e84695875be62e178c5597c
SHA512

eb6ffa7c229d6e687ed65f69a77d1a94166410d5e77be812c956a58396dbdf7b1b5817e7eee0ae67c62776cd6c1c83be11e44f577a1b780027ee3bfdc7cbc0b0
SSDEEP

12288:ruDnl6cMv0obsCnG1eQmXViI2gDnUyfSAgyZx:rklk1NQmX4SUPsX

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

168.62.160.75:1604

168.62.160.75:222

tehliike.duckdns.org:1604

tehliike.duckdns.org:222

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
setup.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2044 set thread context of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1148	2044	2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2bad27a37d32b4235aac6fcdf74b4306_JaffaCakes118.exe"
  2⤵
  PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1148-7-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-4-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-6-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-5-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-12-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-15-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-10-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1148-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1148-21-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/1148-20-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/1148-19-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2044-2-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2044-16-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2044-17-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2044-3-0x0000000000B10000-0x0000000000B18000-memory.dmp

Filesize
32KB

Download
memory/2044-18-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2044-1-0x0000000001110000-0x000000000120E000-memory.dmp

Filesize
1016KB

Download
memory/2044-0-0x00000000747AE000-0x00000000747AF000-memory.dmp

Filesize
4KB

Download