asyncrat | b5d2ecdbd6249989d48a10f8ec95b0d29ad36c5154c2c05bdb0bb25ed9bdfb7c | Triage

Sharing

General

Target

5697e9dc2fbe26d04f55957153efe44c_JaffaCakes118
Size

299KB
Sample

240729-wdb4yasbkm
MD5

5697e9dc2fbe26d04f55957153efe44c
SHA1

dbeebefb57db333cdbd6a842ed3cc322d56eb356
SHA256

b5d2ecdbd6249989d48a10f8ec95b0d29ad36c5154c2c05bdb0bb25ed9bdfb7c
SHA512

7fd8792343e9871f8ffa5bcbdd527a4a7c2c2018cd08f4dc42be0a18f29c95e0dc9b544db88cac15e000c609f99c3a451c9505a1b1e60b198fd9ecd6d94db0c5
SSDEEP

6144:V6mqKT25znghEcv8/2CL7EHCUSCrb1rNdbu:ImqKYH8HCxM9+

Score

10^/10

asyncrat default discovery evasion rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.239.242.166:5536

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  5697e9dc2fbe26d04f55957153efe44c_JaffaCakes118
- Size
  
  299KB
- MD5
  
  5697e9dc2fbe26d04f55957153efe44c
- SHA1
  
  dbeebefb57db333cdbd6a842ed3cc322d56eb356
- SHA256
  
  b5d2ecdbd6249989d48a10f8ec95b0d29ad36c5154c2c05bdb0bb25ed9bdfb7c
- SHA512
  
  7fd8792343e9871f8ffa5bcbdd527a4a7c2c2018cd08f4dc42be0a18f29c95e0dc9b544db88cac15e000c609f99c3a451c9505a1b1e60b198fd9ecd6d94db0c5
- SSDEEP
  
  6144:V6mqKT25znghEcv8/2CL7EHCUSCrb1rNdbu:ImqKYH8HCxM9+
Score

10^/10

asyncrat default discovery evasion rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryevasionrattrojan

behavioral2

asyncratdefaultdiscoveryevasionrattrojan