asyncrat

General

Target

12919d04474c942ae2690a6524ca2f63_JaffaCakes118
Size

294KB
Sample

240728-lfemqsshkg
MD5

12919d04474c942ae2690a6524ca2f63
SHA1

4def81bc9bbe31b516d920d3927e97c9436d62e1
SHA256

e8fa87ca61975dd06856634213396736a9596b1b8f589f18ccb9eae2bfc34e0c
SHA512

14d5a4f9f1f26f38ec231e70792b448655c230b448708933564b73fb07acadc33b2c24d71814491e9817ed51fde748d9c0b3bc688f9a80dc72fd1a64e12fd3b3
SSDEEP

6144:6yWuZc8Nwe2jYN4VbCw81EkwyhGYGlqy45YPfe:dWuZc8QjYGVb/81EXtol

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:5050

185.165.153.251:6606

185.165.153.251:7707

185.165.153.251:8808

185.165.153.251:5050

Mutex

ckkckoudmgh

Attributes

delay
5
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  12919d04474c942ae2690a6524ca2f63_JaffaCakes118
- Size
  
  294KB
- MD5
  
  12919d04474c942ae2690a6524ca2f63
- SHA1
  
  4def81bc9bbe31b516d920d3927e97c9436d62e1
- SHA256
  
  e8fa87ca61975dd06856634213396736a9596b1b8f589f18ccb9eae2bfc34e0c
- SHA512
  
  14d5a4f9f1f26f38ec231e70792b448655c230b448708933564b73fb07acadc33b2c24d71814491e9817ed51fde748d9c0b3bc688f9a80dc72fd1a64e12fd3b3
- SSDEEP
  
  6144:6yWuZc8Nwe2jYN4VbCw81EkwyhGYGlqy45YPfe:dWuZc8QjYGVb/81EXtol
Score

10^/10

asyncrat discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2