asyncrat | 5647b223088d5f7055db455ce7c82de9a1f762126af37635e29b7ef84963ebf5 | Triage

Sharing

General

Target

3667642dbd2ed4f103292dd8944fc719_JaffaCakes118
Size

422KB
Sample

241011-x15kfayhla
MD5

3667642dbd2ed4f103292dd8944fc719
SHA1

54316089a0d981867f12d4ac551173cfde17233f
SHA256

5647b223088d5f7055db455ce7c82de9a1f762126af37635e29b7ef84963ebf5
SHA512

6858d1eeb7d9482029c06308a29bd512135bb7d20bad8e999c28ccb7a5544a50c6b9a619d338542dbb5371209a407ba948fc6dec1cdec3ab922c5af06180ca1b
SSDEEP

6144:Mvvu5zBxMQssziYWZTZ6ZSd2e2efswGaEXEdr10SH8+pOD4tyraO:OyiYWN408efsDaE0drS+OD4Ar

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:2510

194.5.98.81:2510

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
20
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  3667642dbd2ed4f103292dd8944fc719_JaffaCakes118
- Size
  
  422KB
- MD5
  
  3667642dbd2ed4f103292dd8944fc719
- SHA1
  
  54316089a0d981867f12d4ac551173cfde17233f
- SHA256
  
  5647b223088d5f7055db455ce7c82de9a1f762126af37635e29b7ef84963ebf5
- SHA512
  
  6858d1eeb7d9482029c06308a29bd512135bb7d20bad8e999c28ccb7a5544a50c6b9a619d338542dbb5371209a407ba948fc6dec1cdec3ab922c5af06180ca1b
- SSDEEP
  
  6144:Mvvu5zBxMQssziYWZTZ6ZSd2e2efswGaEXEdr10SH8+pOD4tyraO:OyiYWN408efsDaE0drS+OD4Ar
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat