asyncrat | 72e7f51955137137fbdaee4a2b4874e3173f96fd5067fdfecb088ff3b790aa15 | Triage

Sharing

General

Target

JaffaCakes118_72e7f51955137137fbdaee4a2b4874e3173f96fd5067fdfecb088ff3b790aa15
Size

474KB
Sample

241226-zncp1azlbl
MD5

284a5ce6226cdfbf4d1d490c39731117
SHA1

b6888fee65da93aa3600029d7ff0b9d340414df6
SHA256

72e7f51955137137fbdaee4a2b4874e3173f96fd5067fdfecb088ff3b790aa15
SHA512

f6618bd78eab936274a96a02f5abd4af597df2f6b9ce00f91e0d75d075583ea40e9af476c8d9541a9e2ad1a63d70dd4284bcbbf0fc1a8270c9fb14f5cc48fef9
SSDEEP

12288:IR8BgAQhWrv3B2fKdbYTX9XOyIHbrG4cZ0gdG/52Vn1SJtUR:7uAQhuv3kfKdbYTX5I79b+k2V1YSR

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.0.14.198:6161

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  38e1bbae005365e92cf80aa6ef199d5107af57fde3afb02c31dc1bde875c68f7
- Size
  
  694KB
- MD5
  
  32c67f99f3c95ba5e1816ca208f9b723
- SHA1
  
  c1e29ecea3c87d671448b9dbcc8d8c67b0d14b7e
- SHA256
  
  38e1bbae005365e92cf80aa6ef199d5107af57fde3afb02c31dc1bde875c68f7
- SHA512
  
  578526bda2f08948475726f36bf247aabeb8f3941f95153d6786bc0db6e43bad44502ef1757bae2bb7c6f6bd0a4bd51e9b33ae363be293b75f490a26c03795f8
- SSDEEP
  
  12288:btoKggb2iNdvpc++pd1yIBbrk4ct0gdK/5SVns2M2TgN/0s:5oKgK1XpSpGIZn9+YSVsggi
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat