asyncrat | cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815 | Triage

Sharing

General

Target

JaffaCakes118_cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815
Size

266KB
Sample

241230-27wy4atjgp
MD5

b2b5da2e78b297ef26d53af784ccaf81
SHA1

d26490e3da6c5da661ff349824672fa93199eb81
SHA256

cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815
SHA512

1ae7d55ac49177c8ea6c9f2e814194c15271d22cc37501798e6460d78cc8d93b5b4513fcdb6e963a929fa6ebae8e2e3e45eb4de244d4fdb463030d2ca4b7776c
SSDEEP

1536:eh/IJn60mcKfS49U4CP6tw1s4/be7p325ZTnRmbQVdeHRPl+bQUajg/wt5ph1l7Y:eK

Score

10^/10

asyncrat $$$$discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

$$$$

C2

cdtpitbull.hopto.org:7707

cdtpitbull.hopto.org:4404

cdtpitbull.hopto.org:5505

cdtpitbull.hopto.org:3303

cdtpitbull.hopto.org:2222

chromedata.accesscam.org:7707

chromedata.accesscam.org:4404

chromedata.accesscam.org:5505

chromedata.accesscam.org:3303

chromedata.accesscam.org:2222

datacontrol.ddns.net:7707

datacontrol.ddns.net:4404

datacontrol.ddns.net:5505

datacontrol.ddns.net:3303

datacontrol.ddns.net:2222

cdt2023.ddns.net:7707

cdt2023.ddns.net:4404

cdt2023.ddns.net:5505

cdt2023.ddns.net:3303

cdt2023.ddns.net:2222

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
DesbravadorUpdata.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815
- Size
  
  266KB
- MD5
  
  b2b5da2e78b297ef26d53af784ccaf81
- SHA1
  
  d26490e3da6c5da661ff349824672fa93199eb81
- SHA256
  
  cd9ed05240e880b36ad0cdd5bda62cba3f4bea55e69d62282030674f7a4da815
- SHA512
  
  1ae7d55ac49177c8ea6c9f2e814194c15271d22cc37501798e6460d78cc8d93b5b4513fcdb6e963a929fa6ebae8e2e3e45eb4de244d4fdb463030d2ca4b7776c
- SSDEEP
  
  1536:eh/IJn60mcKfS49U4CP6tw1s4/be7p325ZTnRmbQVdeHRPl+bQUajg/wt5ph1l7Y:eK
Score

10^/10

execution asyncrat $$$$discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncrat$$$$discoveryexecutionrat