asyncrat | f927621a7bd2548f85a44695c585163e5d258ba8d2c81eb1d3b00b237443e3cf | Triage

Sharing

General

Target

JaffaCakes118_f50641a335b856c0a7b7d0c7e0f56b45
Size

84KB
Sample

250111-dcjtaasqdq
MD5

f50641a335b856c0a7b7d0c7e0f56b45
SHA1

4972cc2ced7817a0a3556997a3718025b35a407f
SHA256

f927621a7bd2548f85a44695c585163e5d258ba8d2c81eb1d3b00b237443e3cf
SHA512

e73be5e4bf65859d71f3d850c6aa11e7e8ba3f929283a78cfadc6cedde722b3e7b53b5090ed7ecfa4081bffa3ab3b4128c9d846973cda3d015e8f34c13f25d2f
SSDEEP

1536:TcSoPFh67RiCEPzo/rJV4Jx59PwpMvj7QInrLdJg9mRY1tW:kPE9WJ1PRnrJJgUGW

Score

10^/10

asyncrat default discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

rick63.publicvm.com:5900

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_f50641a335b856c0a7b7d0c7e0f56b45
- Size
  
  84KB
- MD5
  
  f50641a335b856c0a7b7d0c7e0f56b45
- SHA1
  
  4972cc2ced7817a0a3556997a3718025b35a407f
- SHA256
  
  f927621a7bd2548f85a44695c585163e5d258ba8d2c81eb1d3b00b237443e3cf
- SHA512
  
  e73be5e4bf65859d71f3d850c6aa11e7e8ba3f929283a78cfadc6cedde722b3e7b53b5090ed7ecfa4081bffa3ab3b4128c9d846973cda3d015e8f34c13f25d2f
- SSDEEP
  
  1536:TcSoPFh67RiCEPzo/rJV4Jx59PwpMvj7QInrLdJg9mRY1tW:kPE9WJ1PRnrJJgUGW
Score

10^/10

execution asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdiscoveryexecutionrat