asyncrat

General

Target

42ffde5af3d66024c0699f14922bb1da_JaffaCakes118
Size

315KB
Sample

240713-xzst9aterm
MD5

42ffde5af3d66024c0699f14922bb1da
SHA1

b4019d8834f565877ead605a6930e5fdb1bdcfa1
SHA256

9b608fcfcff20713072deb68b58dd218cc10f880b5c85a7903aec99d9471f269
SHA512

cef54ced9dd019f24cd8619e3fd989a8ca146680ffb9b98217941068d79c26a38476d696d2a6c91c69fde70e3b8f25f05c18462682b26486f693c16badcd82fe
SSDEEP

6144:D6xqzHOWLMGBgPcpdrVVsqy3WmSNRbNqfWvC:OxqzHOM/HVVs/3WNbMfWvC

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

40.75.8.74:7707

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

Default

C2

23.102.129.234:7707

Mutex

uvkcjjugzqls

Attributes

delay
1
install
false
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  42ffde5af3d66024c0699f14922bb1da_JaffaCakes118
- Size
  
  315KB
- MD5
  
  42ffde5af3d66024c0699f14922bb1da
- SHA1
  
  b4019d8834f565877ead605a6930e5fdb1bdcfa1
- SHA256
  
  9b608fcfcff20713072deb68b58dd218cc10f880b5c85a7903aec99d9471f269
- SHA512
  
  cef54ced9dd019f24cd8619e3fd989a8ca146680ffb9b98217941068d79c26a38476d696d2a6c91c69fde70e3b8f25f05c18462682b26486f693c16badcd82fe
- SSDEEP
  
  6144:D6xqzHOWLMGBgPcpdrVVsqy3WmSNRbNqfWvC:OxqzHOM/HVVs/3WNbMfWvC
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Async RAT payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2