asyncrat | 1858aba49bc3b6bc7df3c70d3e70f3c14c747d5b267d2be366220c3c300219ca | Triage

Sharing

General

Target

761e34c09293f429b26fa9b08a942746_JaffaCakes118
Size

512KB
Sample

240726-232c1stenf
MD5

761e34c09293f429b26fa9b08a942746
SHA1

f9e8888673dd7465dcf633c6b711d99f4bd9f678
SHA256

1858aba49bc3b6bc7df3c70d3e70f3c14c747d5b267d2be366220c3c300219ca
SHA512

2412b933d2544561bb3fd567e2c0d369a6c3532c7cdceacace19b0d86477e7ea0b947a3de63a7ec2e9589c041c457ecdb00abae0e378e6a1060faaeb5cac53c3
SSDEEP

12288:/yHANgm25FmSEd5xO3onVmpOTq5rBByho7:/bgiS5NE

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  761e34c09293f429b26fa9b08a942746_JaffaCakes118
- Size
  
  512KB
- MD5
  
  761e34c09293f429b26fa9b08a942746
- SHA1
  
  f9e8888673dd7465dcf633c6b711d99f4bd9f678
- SHA256
  
  1858aba49bc3b6bc7df3c70d3e70f3c14c747d5b267d2be366220c3c300219ca
- SHA512
  
  2412b933d2544561bb3fd567e2c0d369a6c3532c7cdceacace19b0d86477e7ea0b947a3de63a7ec2e9589c041c457ecdb00abae0e378e6a1060faaeb5cac53c3
- SSDEEP
  
  12288:/yHANgm25FmSEd5xO3onVmpOTq5rBByho7:/bgiS5NE
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat