asyncrat | f6b0044d0edccca48a617bc340e151baa4f8fecfa02571122aeff6937cb3c3d0 | Triage

Sharing

General

Target

01293e1baf98d49f108bde72ee7f51b5_JaffaCakes118
Size

68KB
Sample

240727-1q4f6steqg
MD5

01293e1baf98d49f108bde72ee7f51b5
SHA1

3219c29ac28295bcfc9419504883f09a0f43f232
SHA256

f6b0044d0edccca48a617bc340e151baa4f8fecfa02571122aeff6937cb3c3d0
SHA512

a46922cccede8297e622ace6e07ed27abfd45243e182bd258c7c087d7803f40723e4d9b69e8bb6b4fd7bec8cb6e8132926c8300c7d87d66669bcdc2c949f4ea3
SSDEEP

1536:JX4CQSt2u2JLcTMhxZKkHBT+vFFonFnLRIzZDaeYY:JF/t2u2STMzZKeBTVxWZaeYY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.33.234.71:1337

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  01293e1baf98d49f108bde72ee7f51b5_JaffaCakes118
- Size
  
  68KB
- MD5
  
  01293e1baf98d49f108bde72ee7f51b5
- SHA1
  
  3219c29ac28295bcfc9419504883f09a0f43f232
- SHA256
  
  f6b0044d0edccca48a617bc340e151baa4f8fecfa02571122aeff6937cb3c3d0
- SHA512
  
  a46922cccede8297e622ace6e07ed27abfd45243e182bd258c7c087d7803f40723e4d9b69e8bb6b4fd7bec8cb6e8132926c8300c7d87d66669bcdc2c949f4ea3
- SSDEEP
  
  1536:JX4CQSt2u2JLcTMhxZKkHBT+vFFonFnLRIzZDaeYY:JF/t2u2STMzZKeBTVxWZaeYY
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat