asyncrat | 362fed03ae922e05914e4b2d42ae0f99c27601f6cc3ce3c9a9bdcdcc8a06aee0 | Triage

Sharing

General

Target

JaffaCakes118_a494969c93a55a04d5bd0f5ea1ad326f
Size

100KB
Sample

250108-rtd61swkfj
MD5

a494969c93a55a04d5bd0f5ea1ad326f
SHA1

e9cff573b11f6dc76c92a6c45fdca43c705a5f14
SHA256

362fed03ae922e05914e4b2d42ae0f99c27601f6cc3ce3c9a9bdcdcc8a06aee0
SHA512

70348d6555095145e73e6d21787a140ffd7ca3c2224d0db48c25e4ef6cccce872797d67113cdf675f6f9cb01b5be6234f2edf8aea92735094ef3e55213926068
SSDEEP

1536:5pAhHaIPYHSgUhsoXd/Oev9rmRrR72gXjgU1vE3gECmxG:w3G

Score

10^/10

asyncrat kunn discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

kunn

C2

mor3ebfashe5elt5ens.ooguy.com:5001

Mutex

Ayrtmaan_X9080

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_a494969c93a55a04d5bd0f5ea1ad326f
- Size
  
  100KB
- MD5
  
  a494969c93a55a04d5bd0f5ea1ad326f
- SHA1
  
  e9cff573b11f6dc76c92a6c45fdca43c705a5f14
- SHA256
  
  362fed03ae922e05914e4b2d42ae0f99c27601f6cc3ce3c9a9bdcdcc8a06aee0
- SHA512
  
  70348d6555095145e73e6d21787a140ffd7ca3c2224d0db48c25e4ef6cccce872797d67113cdf675f6f9cb01b5be6234f2edf8aea92735094ef3e55213926068
- SSDEEP
  
  1536:5pAhHaIPYHSgUhsoXd/Oev9rmRrR72gXjgU1vE3gECmxG:w3G
Score

10^/10

execution asyncrat kunn discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratkunndiscoveryexecutionrat