asyncrat | 68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd

Analysis

max time kernel
147s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-07-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

541c6da40f1e4f938b8b05ad013ccd0c_JaffaCakes118.exe
Size

109KB
MD5

541c6da40f1e4f938b8b05ad013ccd0c
SHA1

43192e28088709d41205d2db0a17c56c14c9ef93
SHA256

68be8b0ee5b439ad9a32edd7e202ad818efd9ed0fb1e53777d81ae90248fe5fd
SHA512

1f78b99b010091cfe416bf66fb6d59b1ee175cc14cd7a23cdf0381b806cc19120116c6f422bf627d7f308fe0d27a2fb940a09af2d99c1779e839e0f300a8a664
SSDEEP

3072:V4ot1B4/W24x2pjFQOtChgEKbLP1vteRxX:qot1i/N40puOtChgEKbLP1

Score

10^/10

asyncrat 01febrero persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

01FEBRERO

async2020.duckdns.org:7783

async2021.duckdns.org:7783

Mutex

MUTEX3095590234NDFALKD

Attributes

delay
3
install
false
install_file
realvnc.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/760-5-0x0000000000160000-0x0000000000172000-memory.dmp	family_asyncrat

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmpc.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wmpc.exe"	541c6da40f1e4f938b8b05ad013ccd0c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\541c6da40f1e4f938b8b05ad013ccd0c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\541c6da40f1e4f938b8b05ad013ccd0c_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/760-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

Filesize
4KB

Download
memory/760-1-0x000000013F100000-0x000000013F11E000-memory.dmp

Filesize
120KB

Download
memory/760-2-0x0000000000140000-0x0000000000152000-memory.dmp

Filesize
72KB

Download
memory/760-3-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Filesize
9.9MB

Download
memory/760-4-0x0000000000150000-0x0000000000158000-memory.dmp

Filesize
32KB

Download
memory/760-5-0x0000000000160000-0x0000000000172000-memory.dmp

Filesize
72KB

Download
memory/760-8-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

Filesize
4KB

Download
memory/760-9-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads