asyncrat | c40a6434008cf6fb6738f64bc52b5aa0f93cf50dec65c3d84e34174cfd3e962d | Triage

Submit
Reports

Overview

overview

Static

static

Johnnyspanel.exe

windows10-1703-x64

Sharing

General

Target

Johnnyspanel.exe
Size

63KB
Sample

241012-eccwea1gqd
MD5

e6b3b8ea39d8bc6eea1c703295d17ef2
SHA1

34babad08af3f8ae9f4e6507625167038d479dd7
SHA256

c40a6434008cf6fb6738f64bc52b5aa0f93cf50dec65c3d84e34174cfd3e962d
SHA512

24a5505feddfe229304fd4c15af49e81e02cddbc0bc1612daa9a670fa13faab90a729079cdf1fbec176cda88c8ffcb6822d1f6aafeb5be774b15d7e45d829563
SSDEEP

768:S+BAGkPhz/n78FoC8A+Xk+YDT8JHy31+T4ySBGHmDbDgps0oXnoIIjzsSukdpqKX:Tq/bL2h39YUbWs9oVzrukdpqKmY7

Score

10^/10

asyncrat default discovery persistence privilege_escalation rat

Static task

static1

rat default asyncrat

3 signatures

Behavioral task

behavioral1

Sample

Johnnyspanel.exe

Resource

win10-20240404-en

asyncrat default discovery persistence privilege_escalation rat

windows10-1703-x64

20 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes

delay
1
install
true
install_file
Run.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Johnnyspanel.exe
- Size
  
  63KB
- MD5
  
  e6b3b8ea39d8bc6eea1c703295d17ef2
- SHA1
  
  34babad08af3f8ae9f4e6507625167038d479dd7
- SHA256
  
  c40a6434008cf6fb6738f64bc52b5aa0f93cf50dec65c3d84e34174cfd3e962d
- SHA512
  
  24a5505feddfe229304fd4c15af49e81e02cddbc0bc1612daa9a670fa13faab90a729079cdf1fbec176cda88c8ffcb6822d1f6aafeb5be774b15d7e45d829563
- SSDEEP
  
  768:S+BAGkPhz/n78FoC8A+Xk+YDT8JHy31+T4ySBGHmDbDgps0oXnoIIjzsSukdpqKX:Tq/bL2h39YUbWs9oVzrukdpqKmY7
Score

10^/10

asyncrat default discovery persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultdiscoverypersistenceprivilege_escalationrat

© 2018-2024

Terms | Privacy