asyncrat

General

Target

JaffaCakes118_30ad125e0d178551fc09fcc0f0fd6c196536f2118e0ea8689f5719f4d4e23b9f
Size

178KB
Sample

241229-mn4r9szjhq
MD5

dccfb0cb9b3f0be19c7b1a3c036483ab
SHA1

36957094efec97c62daee395da7cd91c8d6c0bf9
SHA256

30ad125e0d178551fc09fcc0f0fd6c196536f2118e0ea8689f5719f4d4e23b9f
SHA512

8ace757350b1c515d891d74fad024e7b9359710ae1b57ffd9d4e01d5fa2f3f63c1e33c868bbb40d94704f61ef3038a4c5a020164a68328475fc482be5a5dc416
SSDEEP

3072:oFvP/bNaHXg6PfWqSUdedrnmwDr06BUgUG2DSBNmJ4DQmjIEvhWUgEPKIjJJ/z7B:oF3/cXr3WqkdSQ0KZhHm2DQIIEZWgBDJ

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

26/4/22

C2

znets.ddns.net:2000

dnets.ddns.net:2000

Mutex

mgjgjfugfrabywe7retren89i><LPO((*&*UJjiM8yn&&*N89I)(

Attributes

delay
3
install
false
install_file
Windows Utility Essentials.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b899fc7141b866552940b6ee0f8ab0d214a05c8338906fd85fae67c507d652bb
- Size
  
  481KB
- MD5
  
  3bcf40a5ad0db3f29f3c6243a923e277
- SHA1
  
  5a500389d073311b3decc47819c19dd7faf56abb
- SHA256
  
  b899fc7141b866552940b6ee0f8ab0d214a05c8338906fd85fae67c507d652bb
- SHA512
  
  45ffa4c66672403220f96b58dc4bc6ac361aff38e8bb14743c63ab52659229d186a36181b7b396b024648f1f2bc54a67ca7224f1fe17cb2a4ad04d5986d78d9a
- SSDEEP
  
  6144:csFDZUi1H8vzgMU+duPOyxzWtrboPZXBR+IhQaTb5Jz/:nlH8vzgL8QJxzWqRXBR
Score

10^/10

asyncrat 26/4/22 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2