asyncrat | 9b41bf8f85747590a77dcb1f08634cc250eec349b6b3f25d640fb4cf0c69713f | Triage

Sharing

General

Target

4589e8f916643c5d21b413d5ddaa0105_JaffaCakes118
Size

417KB
Sample

240714-m66pkszgkg
MD5

4589e8f916643c5d21b413d5ddaa0105
SHA1

9632ee7d485059e9fe8bbc70ba55a7b45427d530
SHA256

9b41bf8f85747590a77dcb1f08634cc250eec349b6b3f25d640fb4cf0c69713f
SHA512

2b1331432a5af40320664572b3dc86f194c4ab8e1bb010389ddab4871d8e690ac4eadd0f421bf5e6974862a75ea627c502c4a5c14ee4e727e1567574cfecc34f
SSDEEP

3072:pwAM4NjvB4vMdq5hs5Uz/nVu4wLT+4aHBgMwYX7aVKiEgjeSTsxCatgfVapBXt:pc4vq5hs5I/nc4w0oVKiEgKaratgMZ

Score

10^/10

asyncrat 1 persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

185.157.160.136:1973

Mutex

df4Rtg34dFjwr7ujp3

Attributes

delay
38
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  4589e8f916643c5d21b413d5ddaa0105_JaffaCakes118
- Size
  
  417KB
- MD5
  
  4589e8f916643c5d21b413d5ddaa0105
- SHA1
  
  9632ee7d485059e9fe8bbc70ba55a7b45427d530
- SHA256
  
  9b41bf8f85747590a77dcb1f08634cc250eec349b6b3f25d640fb4cf0c69713f
- SHA512
  
  2b1331432a5af40320664572b3dc86f194c4ab8e1bb010389ddab4871d8e690ac4eadd0f421bf5e6974862a75ea627c502c4a5c14ee4e727e1567574cfecc34f
- SSDEEP
  
  3072:pwAM4NjvB4vMdq5hs5Uz/nVu4wLT+4aHBgMwYX7aVKiEgjeSTsxCatgfVapBXt:pc4vq5hs5I/nc4w0oVKiEgKaratgMZ
Score

10^/10

asyncrat 1 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat1persistencerat

behavioral2

asyncrat1persistencerat