asyncrat | da16702dc5e290b319ebf8238515929fe56744ed0c8164460048674e279b83d2 | Triage

Sharing

General

Target

3248f924ecf1d16c7a50fb047480b74d_JaffaCakes118
Size

394KB
Sample

240709-2p2rmazhkj
MD5

3248f924ecf1d16c7a50fb047480b74d
SHA1

68463d77efe9dda14993f544259338c5414c1c80
SHA256

da16702dc5e290b319ebf8238515929fe56744ed0c8164460048674e279b83d2
SHA512

7aa93b274d7d2fb0d76e25ff3a6eee68e01b8d0182e4e34a080479405e5fc441672a214496980bb53ab6ace20bcfb42200731baffbecf6287abcf22d2fdb7062
SSDEEP

12288:BLird9IVbSxjbo2GGFVUPeVAf9zmRZCNP3i4OLnia+L:1irduVbSxjPGG/U2efYRZCNPTOLnia+L

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  New PO_100955.exe
- Size
  
  717KB
- MD5
  
  db88d5ff560d97cb027632956ca9055b
- SHA1
  
  3eb93351bbd5c674202404c45fc8ba0b3d3c39c7
- SHA256
  
  1d1c7e4441d356fd59afca292924b34f4b18867aca7d5892210f2d997753c190
- SHA512
  
  7bc21018a82ab296cb43dab2d4e98411997ef7cad55c66dfc9b7f02e328e7deb730b1da8a83cbeb122a6b438f078abc9229a9779deb96ffff31e8721c7cf9351
- SSDEEP
  
  12288:xYbyAIjpRr+jjuMBBsV4vSVBXggZMXPUIX7Q/+hGZcS:xYeAIjIlBs4abXbZMXpX8/+hGZ5
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat