asyncrat | c020c7936719d18af0c8140f8b67a9c80740d793d2a928986ca7671f7af1c1f9 | Triage

Sharing

General

Target

a2b2360703fd3012dc77fb2435c7ca9a_JaffaCakes118
Size

425KB
Sample

241126-sva2estkak
MD5

a2b2360703fd3012dc77fb2435c7ca9a
SHA1

600769adc972c2e608da3aa0bbded8cafc26cb5b
SHA256

c020c7936719d18af0c8140f8b67a9c80740d793d2a928986ca7671f7af1c1f9
SHA512

8baf721cb58aa5ead504ac71b064144c091747f1b46a1549571772e16038ed4fa43dcdb1fa16866ddef01ab86c708c20fc28db78e0a4220282341a62b4e58c8b
SSDEEP

6144:PkDuwVHydsLxdZde3W0G2VJz/qmkDzC//qCgbQRx0ZWUf36vAwIXJ72MEIQ:EuTdIFk3ZJz/qtDzyg0Rx0ZyvAJ8MEIQ

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

45.137.22.115:14496

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  hsbc_mt103.exe
- Size
  
  766KB
- MD5
  
  d8f7a8dbe9c0a94e1cd735531f97c06f
- SHA1
  
  5b47aa4c977edd0543a362361cd5cadfb74d719d
- SHA256
  
  c29f0b3c22887b82a623a2c21c6968aa0b7b7046eeae09f83966685c6564a178
- SHA512
  
  d981450aa5520f488b55561bb4cad75aad51bbf526fb472fdb9004f8cc4e04d276d7ec32c90342bc1fb655d9a4d38ffbdf9c15a1da5d726f3b6d6d9cfb417d69
- SSDEEP
  
  6144:bUZvP6UqKyIX58C9p/Mh2fLPpfP++3ysS8schliR0VT+c:FUryIpv5McfLPVPlCsSRch8R0VT+
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat