asyncrat | aaf00e1348307208d3415f629193cdf125171170a32a8cdeb140e8373d079714 | Triage

Sharing

General

Target

a52d0c834a09cc7efdfe374ee2f4f90e_JaffaCakes118
Size

380KB
Sample

240818-dr2yeavgnp
MD5

a52d0c834a09cc7efdfe374ee2f4f90e
SHA1

5957da57c40aef542a52d07df04501f74b631bdb
SHA256

aaf00e1348307208d3415f629193cdf125171170a32a8cdeb140e8373d079714
SHA512

e99e1429dcac7398473cecb4a63cce2ac1b0bccb2f4dd284e38c1ca16dac21d0d6552c886604c87fe79590274ea821734faf874639f873883a75e0d4d5a247e8
SSDEEP

6144:hBUl1fcf0Tv2sbP6mSPmFFLmlrqQroarJ0zUWZyzhX:Q79vnz6mSQYxkarJaZyzh

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  a52d0c834a09cc7efdfe374ee2f4f90e_JaffaCakes118
- Size
  
  380KB
- MD5
  
  a52d0c834a09cc7efdfe374ee2f4f90e
- SHA1
  
  5957da57c40aef542a52d07df04501f74b631bdb
- SHA256
  
  aaf00e1348307208d3415f629193cdf125171170a32a8cdeb140e8373d079714
- SHA512
  
  e99e1429dcac7398473cecb4a63cce2ac1b0bccb2f4dd284e38c1ca16dac21d0d6552c886604c87fe79590274ea821734faf874639f873883a75e0d4d5a247e8
- SSDEEP
  
  6144:hBUl1fcf0Tv2sbP6mSPmFFLmlrqQroarJ0zUWZyzhX:Q79vnz6mSQYxkarJaZyzh
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat