asyncrat | a1d8230807e2247c48b5c732ab306ed66c6db923f21d9c50a0508a1cf1e03193 | Triage

Sharing

General

Target

JaffaCakes118_0cb84ba13936d8dcbc4fdd891932243f
Size

61KB
Sample

241231-jw7x4svrcx
MD5

0cb84ba13936d8dcbc4fdd891932243f
SHA1

756348d07f38f9dea09962a07a8ff6bf671daace
SHA256

a1d8230807e2247c48b5c732ab306ed66c6db923f21d9c50a0508a1cf1e03193
SHA512

3cd5770fbb17b35012ad930fdc53a6358d6da320dcc4dd67ff1cd27f07f05ccb1762c80c9b67b44a9d97b3d87bad60893c2a3434eff80ff232a4da3778430039
SSDEEP

1536:CuWIiKAPnPMspbQ628QA8VdN6r4PEYiqlgGdKDwlGlB6519Wd0es:wIfwnPMspM6DsdNdEYV2wL519m0e

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

Default

C2

172.30.1.10:7707

Mutex

ifgybnendzqduj

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_0cb84ba13936d8dcbc4fdd891932243f
- Size
  
  61KB
- MD5
  
  0cb84ba13936d8dcbc4fdd891932243f
- SHA1
  
  756348d07f38f9dea09962a07a8ff6bf671daace
- SHA256
  
  a1d8230807e2247c48b5c732ab306ed66c6db923f21d9c50a0508a1cf1e03193
- SHA512
  
  3cd5770fbb17b35012ad930fdc53a6358d6da320dcc4dd67ff1cd27f07f05ccb1762c80c9b67b44a9d97b3d87bad60893c2a3434eff80ff232a4da3778430039
- SSDEEP
  
  1536:CuWIiKAPnPMspbQ628QA8VdN6r4PEYiqlgGdKDwlGlB6519Wd0es:wIfwnPMspM6DsdNdEYV2wL519m0e
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat