asyncrat | f01fc803ab925bd0f9cc2c8687d67d82ca43f93fa4e6ca9a73ae46f323711190 | Triage

Submit
Reports

Overview

overview

Static

static

3

8c1fa86fbb...18.exe

windows7-x64

8c1fa86fbb...18.exe

windows10-2004-x64

Sharing

General

Target

8c1fa86fbb24a44d6573dda89c02f9c5_JaffaCakes118
Size

458KB
Sample

241103-smqf5swpaw
MD5

8c1fa86fbb24a44d6573dda89c02f9c5
SHA1

47d96018dca8ad9d93cab6aea20df4105911e320
SHA256

f01fc803ab925bd0f9cc2c8687d67d82ca43f93fa4e6ca9a73ae46f323711190
SHA512

ce291b52ee0a873f931f80b2a51c3f96b33cd0e64bc1db007d2311359a2108b93e73fa32c4c17dc274ba1165bc16afa2063fcd7ac344715bbd91b6ec9d33f242
SSDEEP

6144:wuPTP6rggRL6uFbqs+jDuU98y9A9KPcmq9ky+kw2:wuPTP/gRWutyjDNcXh

Score

10^/10

asyncrat default discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8c1fa86fbb24a44d6573dda89c02f9c5_JaffaCakes118.exe

Resource

win7-20240903-en

asyncrat default discovery rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c1fa86fbb24a44d6573dda89c02f9c5_JaffaCakes118.exe

Resource

win10v2004-20241007-en

asyncrat default discovery rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

194.163.171.47:9292

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  8c1fa86fbb24a44d6573dda89c02f9c5_JaffaCakes118
- Size
  
  458KB
- MD5
  
  8c1fa86fbb24a44d6573dda89c02f9c5
- SHA1
  
  47d96018dca8ad9d93cab6aea20df4105911e320
- SHA256
  
  f01fc803ab925bd0f9cc2c8687d67d82ca43f93fa4e6ca9a73ae46f323711190
- SHA512
  
  ce291b52ee0a873f931f80b2a51c3f96b33cd0e64bc1db007d2311359a2108b93e73fa32c4c17dc274ba1165bc16afa2063fcd7ac344715bbd91b6ec9d33f242
- SSDEEP
  
  6144:wuPTP6rggRL6uFbqs+jDuU98y9A9KPcmq9ky+kw2:wuPTP/gRWutyjDNcXh
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

© 2018-2024

Terms | Privacy