asyncrat | ed77428124df77e71916701501c30ad35e7d3ee17572aa705e989f8b786cbe20 | Triage

Sharing

General

Target

90a0e47f0bd69bdade317bdf239a86f7_JaffaCakes118
Size

822KB
Sample

240812-2vjg8svgnn
MD5

90a0e47f0bd69bdade317bdf239a86f7
SHA1

e1378bf432db9c5b4453cd62bf35f99c08ab0a65
SHA256

ed77428124df77e71916701501c30ad35e7d3ee17572aa705e989f8b786cbe20
SHA512

df211dc93208748966ed90f960be15644d1c1074657b9c1cc1c037839163444e7e5d0e00c194a5ea6863467ecbef5fa4074bffde4781c0d231c1fa16b934f876
SSDEEP

6144:upCYmT8DUjwtcTtg5tp83CBSS5UkX7QxKUk8PxLgiBb5e4Fq/OIhqwyQR+YVd4O3:brS5UknU/giBb5ZF1VB9O+m

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  90a0e47f0bd69bdade317bdf239a86f7_JaffaCakes118
- Size
  
  822KB
- MD5
  
  90a0e47f0bd69bdade317bdf239a86f7
- SHA1
  
  e1378bf432db9c5b4453cd62bf35f99c08ab0a65
- SHA256
  
  ed77428124df77e71916701501c30ad35e7d3ee17572aa705e989f8b786cbe20
- SHA512
  
  df211dc93208748966ed90f960be15644d1c1074657b9c1cc1c037839163444e7e5d0e00c194a5ea6863467ecbef5fa4074bffde4781c0d231c1fa16b934f876
- SSDEEP
  
  6144:upCYmT8DUjwtcTtg5tp83CBSS5UkX7QxKUk8PxLgiBb5e4Fq/OIhqwyQR+YVd4O3:brS5UknU/giBb5ZF1VB9O+m
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat