asyncrat | 0dc0afcacc62e67589ff14452f5e1fc749c36f70ecedbed56b39c0e0081c2e3d | Triage

Sharing

General

Target

fe6df2be242b8f051d1031ac17f97788_JaffaCakes118
Size

375KB
Sample

240929-nkdx4swbjd
MD5

fe6df2be242b8f051d1031ac17f97788
SHA1

836da0ac005c03940cc3401d83528326a2148a56
SHA256

0dc0afcacc62e67589ff14452f5e1fc749c36f70ecedbed56b39c0e0081c2e3d
SHA512

bb930da5561f33315f480b2c0347e49de208d4fcf178f4dcb94e4b24a347ef6ec1dededc5ff4cd0867f35d6e36f7bfb5f8560756dabc9f09c611863058993ae0
SSDEEP

6144:GKmHRfq8+gw9tiUhrMQqAnlxBqOJ2+/GdAkV10Uv5ERZX:GKmxfqNP9/MtAvMS2Dyc0UviRZ

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

laboratoriogenfarp.linkpc.net:3490

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
windefendllinici.exe
install_folder
%Temp%

aes.plain

Targets

- Target
  
  fe6df2be242b8f051d1031ac17f97788_JaffaCakes118
- Size
  
  375KB
- MD5
  
  fe6df2be242b8f051d1031ac17f97788
- SHA1
  
  836da0ac005c03940cc3401d83528326a2148a56
- SHA256
  
  0dc0afcacc62e67589ff14452f5e1fc749c36f70ecedbed56b39c0e0081c2e3d
- SHA512
  
  bb930da5561f33315f480b2c0347e49de208d4fcf178f4dcb94e4b24a347ef6ec1dededc5ff4cd0867f35d6e36f7bfb5f8560756dabc9f09c611863058993ae0
- SSDEEP
  
  6144:GKmHRfq8+gw9tiUhrMQqAnlxBqOJ2+/GdAkV10Uv5ERZX:GKmxfqNP9/MtAvMS2Dyc0UviRZ
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat