asyncrat | 4d5b4eea780ab2393d06f02fc1a6b5f3c490ddd8d768271b7534b75072aaf023 | Triage

Sharing

General

Target

6ab6671c9fbba06f36bf4f655d03f498_JaffaCakes118
Size

438KB
Sample

240724-h54rdaxcpd
MD5

6ab6671c9fbba06f36bf4f655d03f498
SHA1

02cb1d74714793c5ec3702ca3afbeb45ee7c0588
SHA256

4d5b4eea780ab2393d06f02fc1a6b5f3c490ddd8d768271b7534b75072aaf023
SHA512

275251629f1022d9cb330d4e91b614b871892e1a0cebaa533275dca0f3e6558316c039469bb5ce12f2807638bff23e7ef8c93933bd2a463d0f361922ed8f356d
SSDEEP

3072:ySgW8stAeW4guBOvffu6Em5sK4gMs4oFT89lwYX7aVKiEgQ0evwqdV1cxCc8:ZgW8CGu6/yKLLFTKEVKiEg78jcxJ8

Score

10^/10

asyncrat 18 discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

18

C2

185.157.160.136:1973

Mutex

df4Rtg34dFjwr

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  6ab6671c9fbba06f36bf4f655d03f498_JaffaCakes118
- Size
  
  438KB
- MD5
  
  6ab6671c9fbba06f36bf4f655d03f498
- SHA1
  
  02cb1d74714793c5ec3702ca3afbeb45ee7c0588
- SHA256
  
  4d5b4eea780ab2393d06f02fc1a6b5f3c490ddd8d768271b7534b75072aaf023
- SHA512
  
  275251629f1022d9cb330d4e91b614b871892e1a0cebaa533275dca0f3e6558316c039469bb5ce12f2807638bff23e7ef8c93933bd2a463d0f361922ed8f356d
- SSDEEP
  
  3072:ySgW8stAeW4guBOvffu6Em5sK4gMs4oFT89lwYX7aVKiEgQ0evwqdV1cxCc8:ZgW8CGu6/yKLLFTKEVKiEg78jcxJ8
Score

10^/10

asyncrat 18 discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat18discoverypersistencerat

behavioral2

asyncrat18discoverypersistencerat