asyncrat | dd15d364592da8dbc249ff5480112724cace64d1ac27b32693395283e4603ab8

Analysis

max time kernel
150s
max time network
134s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99b4a88577411f9c55d927eeabdd8528_JaffaCakes118.exe
Size

47KB
MD5

99b4a88577411f9c55d927eeabdd8528
SHA1

7d26960f9db961c6252b2b53248f9bc8a3de2022
SHA256

dd15d364592da8dbc249ff5480112724cace64d1ac27b32693395283e4603ab8
SHA512

9bb4c046d04aa5ab90674af71d54281a4cbf13a42abb022550d5ec171728a5425b473e4e4e340cbe7bf66ce5f7bec50ebd98850f655900f8dd72869775e5296d
SSDEEP

768:Vx7QMF2O2dqc5rZavOr3IYsTBvx99TCqyjbigz3i77aqN2ctd1RzXNPClZa2tYch:Vx7QMFTwr4Ykp9febFzSf7noraKmVcl

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

Default

213.238.172.124:1604

Mutex

hfuobqkyqknvi

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

99b4a88577411f9c55d927eeabdd8528_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	99b4a88577411f9c55d927eeabdd8528_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\99b4a88577411f9c55d927eeabdd8528_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\99b4a88577411f9c55d927eeabdd8528_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-0-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/2556-1-0x0000000000E10000-0x0000000000E22000-memory.dmp

Filesize
72KB

Download
memory/2556-2-0x00000000744E0000-0x0000000074BCE000-memory.dmp

Filesize
6.9MB

Download
memory/2556-3-0x00000000744EE000-0x00000000744EF000-memory.dmp

Filesize
4KB

Download
memory/2556-4-0x00000000744E0000-0x0000000074BCE000-memory.dmp

Filesize
6.9MB

Download