asyncrat | 380afcca7c0cfc3e015be647a0b46fa4a2b56a213d8428db3a6503a737b2a0f9 | Triage

Sharing

General

Target

JaffaCakes118_380afcca7c0cfc3e015be647a0b46fa4a2b56a213d8428db3a6503a737b2a0f9
Size

197KB
Sample

241222-b4trfsxrhz
MD5

308d7ff7f284eed50cb29aedc8f3bb48
SHA1

3cf054753beb7c857c198b5def3804e29f3426ff
SHA256

380afcca7c0cfc3e015be647a0b46fa4a2b56a213d8428db3a6503a737b2a0f9
SHA512

c393d34572c134d6ad6bb7b90598d04275f08f00b51d6acd2d4709df2460fe67ea347e4cd0baf8134cac9d776721f627601ea8ca9599147965220435cabac0be
SSDEEP

3072:31HYHcps3mbJHdLibcIdTDtf39sJb1kQAnF1Ea0pP+:3sMs2XeDd9fNEY

Score

10^/10

asyncrat default discovery execution persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

franmhort.duia.ro:8153

Mutex

Mutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
win.exe
install_folder
%AppData%

aes.plain

1
umTGKQv7bfMaU4xLpNr2x9J6n1sCKyPN

Targets

- Target
  
  JaffaCakes118_380afcca7c0cfc3e015be647a0b46fa4a2b56a213d8428db3a6503a737b2a0f9
- Size
  
  197KB
- MD5
  
  308d7ff7f284eed50cb29aedc8f3bb48
- SHA1
  
  3cf054753beb7c857c198b5def3804e29f3426ff
- SHA256
  
  380afcca7c0cfc3e015be647a0b46fa4a2b56a213d8428db3a6503a737b2a0f9
- SHA512
  
  c393d34572c134d6ad6bb7b90598d04275f08f00b51d6acd2d4709df2460fe67ea347e4cd0baf8134cac9d776721f627601ea8ca9599147965220435cabac0be
- SSDEEP
  
  3072:31HYHcps3mbJHdLibcIdTDtf39sJb1kQAnF1Ea0pP+:3sMs2XeDd9fNEY
Score

10^/10

asyncrat default discovery execution persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionpersistencerat

behavioral2

asyncratdefaultdiscoveryexecutionpersistencerat