asyncrat | 5a3152db74b5749cac0edc405cc09977c236b5433349946233eeb6616ff6d1c9 | Triage

Sharing

General

Target

2bacead73dde3c7e51b68340af645df1_JaffaCakes118
Size

365KB
Sample

241009-f46hgashnp
MD5

2bacead73dde3c7e51b68340af645df1
SHA1

f1d0d2bcd00cdeff0298281b3613a81b1a50e025
SHA256

5a3152db74b5749cac0edc405cc09977c236b5433349946233eeb6616ff6d1c9
SHA512

6eeeaa0d2e94c2f879463a7b6d3c259b2377f0802ff4d114394863137fce8f46073d92c883928368ec56b2c996b0a19f0816702121b272bdf10927ecc089c3e2
SSDEEP

6144:A74ulVbGPqrjBbBVDCcCVdKrLmzz03iU8dnH:A74GgP+dbTtCi/mJnH

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

64.44.167.67:6900

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2bacead73dde3c7e51b68340af645df1_JaffaCakes118
- Size
  
  365KB
- MD5
  
  2bacead73dde3c7e51b68340af645df1
- SHA1
  
  f1d0d2bcd00cdeff0298281b3613a81b1a50e025
- SHA256
  
  5a3152db74b5749cac0edc405cc09977c236b5433349946233eeb6616ff6d1c9
- SHA512
  
  6eeeaa0d2e94c2f879463a7b6d3c259b2377f0802ff4d114394863137fce8f46073d92c883928368ec56b2c996b0a19f0816702121b272bdf10927ecc089c3e2
- SSDEEP
  
  6144:A74ulVbGPqrjBbBVDCcCVdKrLmzz03iU8dnH:A74GgP+dbTtCi/mJnH
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat