asyncrat | f95c8ace1331a172303a2f2cea8edc805203156e499012df465a158246495cce | Triage

Sharing

General

Target

JaffaCakes118_2639445988d9173a2f4e1f95d3ab6062
Size

609KB
Sample

241231-tathpszmgj
MD5

2639445988d9173a2f4e1f95d3ab6062
SHA1

5469590c4a341104f6bab13f1b7b484d43b1d34d
SHA256

f95c8ace1331a172303a2f2cea8edc805203156e499012df465a158246495cce
SHA512

88b8d43d8d263ea9700a855606354eae0a496c9ff2f3e96398d607f0d81345b19a19bef0b1728d1828671ebe3563df891cdc62912b2fa9086615947a9f9bf5e1
SSDEEP

12288:sULh08OGQuZLvqJFTP2bvCuJsGx48vpnnuQsHhJfAUyfvq3:GnGQYTqaCCsGx48vJuQq

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

23.95.115.74:1465

23.95.115.74:1560

23.95.115.74:1148

23.95.115.74:1985

216.250.249.156:1465

216.250.249.156:1560

216.250.249.156:1148

216.250.249.156:1985

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_2639445988d9173a2f4e1f95d3ab6062
- Size
  
  609KB
- MD5
  
  2639445988d9173a2f4e1f95d3ab6062
- SHA1
  
  5469590c4a341104f6bab13f1b7b484d43b1d34d
- SHA256
  
  f95c8ace1331a172303a2f2cea8edc805203156e499012df465a158246495cce
- SHA512
  
  88b8d43d8d263ea9700a855606354eae0a496c9ff2f3e96398d607f0d81345b19a19bef0b1728d1828671ebe3563df891cdc62912b2fa9086615947a9f9bf5e1
- SSDEEP
  
  12288:sULh08OGQuZLvqJFTP2bvCuJsGx48vpnnuQsHhJfAUyfvq3:GnGQYTqaCCsGx48vJuQq
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat