asyncrat | 185b8075ebe0e41cfdabdb9f1d676c417778ccc2861dbc98f00a8dd8cfbc199b | Triage

Sharing

General

Target

JaffaCakes118_622b97f6333970486d841abf78e3fdb8
Size

186KB
Sample

250102-c653yaypft
MD5

622b97f6333970486d841abf78e3fdb8
SHA1

7faf2915ab113571dcc2a2cc81d21e988ea5b94f
SHA256

185b8075ebe0e41cfdabdb9f1d676c417778ccc2861dbc98f00a8dd8cfbc199b
SHA512

642a85b022b92c1bf7443fbcb6693c920c9c1463ac8824cf20dadd78390493fe51a40b52f5b8dea143cf4834e4c49451767c3c9f912603ea1aac54061dc5263b
SSDEEP

384:LlAR5043qPe6L5w/ep7Q8xi7FXhopJOWfDAyMx7UcvhfBT8+vMmN+tVgvKneyqLx:mRdzGVvk+nXqU2r

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
Runtime Broker.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/CmxpZKhW

aes.plain

Targets

- Target
  
  JaffaCakes118_622b97f6333970486d841abf78e3fdb8
- Size
  
  186KB
- MD5
  
  622b97f6333970486d841abf78e3fdb8
- SHA1
  
  7faf2915ab113571dcc2a2cc81d21e988ea5b94f
- SHA256
  
  185b8075ebe0e41cfdabdb9f1d676c417778ccc2861dbc98f00a8dd8cfbc199b
- SHA512
  
  642a85b022b92c1bf7443fbcb6693c920c9c1463ac8824cf20dadd78390493fe51a40b52f5b8dea143cf4834e4c49451767c3c9f912603ea1aac54061dc5263b
- SSDEEP
  
  384:LlAR5043qPe6L5w/ep7Q8xi7FXhopJOWfDAyMx7UcvhfBT8+vMmN+tVgvKneyqLx:mRdzGVvk+nXqU2r
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat