asyncrat | 5a40afa6e0c4a9f1e700f69fa43bdb72a6bcb0a7f91a223296edf97ac4cf4bf5 | Triage

Sharing

General

Target

JaffaCakes118_5a40afa6e0c4a9f1e700f69fa43bdb72a6bcb0a7f91a223296edf97ac4cf4bf5
Size

474KB
Sample

241230-dag7nswjcj
MD5

e2b8898ebc482255b2377e69495f24e4
SHA1

c29f621571e180eca217c84c6f0c65cda498484f
SHA256

5a40afa6e0c4a9f1e700f69fa43bdb72a6bcb0a7f91a223296edf97ac4cf4bf5
SHA512

f3782abd5b8da3972ed5ca6480bb82fe14a388415ee7bda08e31526db3391c6f0bee1a90e6408a12c1495fd4d1ee839c6f9f733c28880b3d6b242ee24a3b41bc
SSDEEP

6144:hjMyp5KPQdQfBajysRbqOlCzxopFpjxQCi1H1SEX+31UgDu/KVv3RyTMtfRY4i:hjMjdfA+8bnYzxWpN8Z1fW1lR4KWT

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.0.14.197:6060

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
images.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  53949b99b9556d09fe8d11ec6d41d96055a9fbf2a31360f38ab18b26b6511219
- Size
  
  693KB
- MD5
  
  32a1c8ff16fa3dde2509d9cf26f79ba0
- SHA1
  
  eb8d087b2be3fb85375b77244e4a8e9ea5d6044b
- SHA256
  
  53949b99b9556d09fe8d11ec6d41d96055a9fbf2a31360f38ab18b26b6511219
- SHA512
  
  b628a47a0e3d5ae508093915b844c480b4fa31b7bed8ed1fbc19afecc7225228c176c0a018cf3842a92447af88cdc36e7e82e1303a1f0078c6ce3854f1836088
- SSDEEP
  
  12288:C+JoKggb2iNdvpc++Ghkd1fW1xLeM2TgN/0s:CIoKgK1XpS4u+Ugi
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryexecutionrat

behavioral2

asyncratdefaultdiscoveryexecutionrat