asyncrat | e1cbce76ebc57b1595c3260845d85bd05ab5eaa165bfffbd02acde8720138086 | Triage

Sharing

General

Target

JaffaCakes118_e1cbce76ebc57b1595c3260845d85bd05ab5eaa165bfffbd02acde8720138086
Size

23KB
Sample

241223-sz453atlfj
MD5

306b284da165fc7532380c284dc14f06
SHA1

3cbf1c6bc17a6f8ac75e0442a2a23119762541b3
SHA256

e1cbce76ebc57b1595c3260845d85bd05ab5eaa165bfffbd02acde8720138086
SHA512

0b8c401cb6c772b949d6b7df2991eeb7e31b3f0d8afeadd1f30bfb122364a211598d14abcf6f10f4a55b4771524537f3aa1a05939ec9a00e35872b8e1996dafe
SSDEEP

384:3v0l/f96n9RFpsoySAODdlpn2X8TfhRiYsyQiCixIUPgpo2Mh34YRPy5c09yiAtv:cl/lyhsoDVnpn2eYOCixIbMhoYo5QHPd

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
Windows Service .exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/T7ujLwLW

aes.plain

Targets

- Target
  
  447f95e2299fbab8e30669f1fd5c71b2e69499e25adae3373093c0317f53fdc5
- Size
  
  48KB
- MD5
  
  a671a69d4e3f7425bf163eae052250ff
- SHA1
  
  80c47eae696348b607f5f54ab3101c10c64192ce
- SHA256
  
  447f95e2299fbab8e30669f1fd5c71b2e69499e25adae3373093c0317f53fdc5
- SHA512
  
  527a88921d628ffbe1cfbe21f204e3dbf3cea026129c6a9e3d713a82b9c9e6f75155f5da4bfe2f14845d6542cdbe129fa72214b028c4fdc397456d33f789a85b
- SSDEEP
  
  768:mbRJZBILLWQ9+jiwtelDSN+iV08Ybygecb+zqBEmyIvEgK/JbZVc6KN:mbRq9wtKDs4zb1pu9xInkJbZVclN
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ratdefaultasyncrat

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat