asyncrat | 7eb7b284890091dda7cf5b13084bc33a380105c841e82d8e9e11ac6efcac2884 | Triage

Sharing

General

Target

JaffaCakes118_2ecfe00e0cfcf45ff8454452b6122226
Size

332KB
Sample

250106-t8b2batmhr
MD5

2ecfe00e0cfcf45ff8454452b6122226
SHA1

6d646c61e6cc0ebf17adcc78bb29ae9edfe1fa78
SHA256

7eb7b284890091dda7cf5b13084bc33a380105c841e82d8e9e11ac6efcac2884
SHA512

123e02a62e0f8a928223d000e4cc9198578f934c7a5aabd1a91d6b6d7817a01181e39740ab9c35161af16b1c82204e25eb24a59b70ee915a0447d03d7fab9202
SSDEEP

1536:sNCXSwzbxJtFvWNB7LHJJ8JMEkTd9P78hEffND29hcHblsmUhP6a1/fWDzFGTO9R:C

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

elliotgateway.ddns.net:5555

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_2ecfe00e0cfcf45ff8454452b6122226
- Size
  
  332KB
- MD5
  
  2ecfe00e0cfcf45ff8454452b6122226
- SHA1
  
  6d646c61e6cc0ebf17adcc78bb29ae9edfe1fa78
- SHA256
  
  7eb7b284890091dda7cf5b13084bc33a380105c841e82d8e9e11ac6efcac2884
- SHA512
  
  123e02a62e0f8a928223d000e4cc9198578f934c7a5aabd1a91d6b6d7817a01181e39740ab9c35161af16b1c82204e25eb24a59b70ee915a0447d03d7fab9202
- SSDEEP
  
  1536:sNCXSwzbxJtFvWNB7LHJJ8JMEkTd9P78hEffND29hcHblsmUhP6a1/fWDzFGTO9R:C
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat