asyncrat

General

Target

JaffaCakes118_777a952f66baa34bde02c6075430a407
Size

50KB
Sample

250104-ehrxhssnhm
MD5

777a952f66baa34bde02c6075430a407
SHA1

e737be56566ab4f09abcf8988220f0517834851d
SHA256

6143e80d28f382ac57c41eeab350f8be0e88f642211ae1726538685eb0686aa9
SHA512

b707be23a181518d4a318101e8b5dc04dba26949cc2e743e50f054eefffdc0585a9a8502719f732d1855a841735771d43717ff4611b36d6a27598235f3023402
SSDEEP

768:f95geQCs3gOm6tiJSaZok3PRBX4fIOJaWm+YrEGMlc9OtwCvU062:fQe3sQMtBa+y5OsWm+Ygz20v

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

192.168.137.247:6606

192.168.137.247:7707

192.168.137.247:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_777a952f66baa34bde02c6075430a407
- Size
  
  50KB
- MD5
  
  777a952f66baa34bde02c6075430a407
- SHA1
  
  e737be56566ab4f09abcf8988220f0517834851d
- SHA256
  
  6143e80d28f382ac57c41eeab350f8be0e88f642211ae1726538685eb0686aa9
- SHA512
  
  b707be23a181518d4a318101e8b5dc04dba26949cc2e743e50f054eefffdc0585a9a8502719f732d1855a841735771d43717ff4611b36d6a27598235f3023402
- SSDEEP
  
  768:f95geQCs3gOm6tiJSaZok3PRBX4fIOJaWm+YrEGMlc9OtwCvU062:fQe3sQMtBa+y5OsWm+Ygz20v
Score

10^/10

asyncrat default discovery execution rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Async RAT payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2