asyncrat | 126ca25c724c3b76d945be8c103c7d3b0faa68a9f872342774b075efa2fd2c8b | Triage

Sharing

General

Target

JaffaCakes118_126ca25c724c3b76d945be8c103c7d3b0faa68a9f872342774b075efa2fd2c8b
Size

474KB
Sample

241222-k5n22asnel
MD5

945b9b814198d4a148ab06f59f28ad37
SHA1

727a58d30896eaa2bedaf4ee0f9da8ab4979e1bd
SHA256

126ca25c724c3b76d945be8c103c7d3b0faa68a9f872342774b075efa2fd2c8b
SHA512

1055602d62fe51058102fbf250fac61db41736cb2523a33b6b4755212aafa227e598e3be8845eb3facf25610ed9896dc4eecf48b0082d7179a02a70112036bf0
SSDEEP

6144:OjMyp5KPQdQfBajysRbqOlCzxopFpjxQCi1H1SEX+31UgDu/KVv3RyTMtfRY4B:OjMjdfA+8bnYzxWpN8Z1fW1lR4KWY

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.0.14.197:6060

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
images.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  53949b99b9556d09fe8d11ec6d41d96055a9fbf2a31360f38ab18b26b6511219
- Size
  
  693KB
- MD5
  
  32a1c8ff16fa3dde2509d9cf26f79ba0
- SHA1
  
  eb8d087b2be3fb85375b77244e4a8e9ea5d6044b
- SHA256
  
  53949b99b9556d09fe8d11ec6d41d96055a9fbf2a31360f38ab18b26b6511219
- SHA512
  
  b628a47a0e3d5ae508093915b844c480b4fa31b7bed8ed1fbc19afecc7225228c176c0a018cf3842a92447af88cdc36e7e82e1303a1f0078c6ce3854f1836088
- SSDEEP
  
  12288:C+JoKggb2iNdvpc++Ghkd1fW1xLeM2TgN/0s:CIoKgK1XpS4u+Ugi
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat