asyncrat

Resubmissions

12-01-2025 12:56

250112-p6ebfasras 10

10-01-2025 05:18

250110-fzmvkawkdn 10

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_dbf61f566a642cdd0df3fc1d078debb8
Size

156KB
Sample

250112-p6ebfasras
MD5

dbf61f566a642cdd0df3fc1d078debb8
SHA1

0294ef20386693a5699bc4e57653f966f0eaf028
SHA256

aead3b29e4eb3a2c5499b67eb81a609bd85944a1d7ec6b9557be527a0c566929
SHA512

4de09065e244d791d8c909a1c6cd689063f8318af2648498f9cf435be19b666aba096f1b2946a75200cacee5a63d705fb545c42a9d6f7a5dbf49d3cd0865467c
SSDEEP

3072:bqOQcs8pmp5W4J44tDlsAU/UwtRUsUUc2fjRs+DVs+A1+HX5wsOZ4T3EMXckbNGV:bqLl2V7H6sA4bEMXc4VLvTGc

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

winx.xcapdatap.capetown:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  JaffaCakes118_dbf61f566a642cdd0df3fc1d078debb8
- Size
  
  156KB
- MD5
  
  dbf61f566a642cdd0df3fc1d078debb8
- SHA1
  
  0294ef20386693a5699bc4e57653f966f0eaf028
- SHA256
  
  aead3b29e4eb3a2c5499b67eb81a609bd85944a1d7ec6b9557be527a0c566929
- SHA512
  
  4de09065e244d791d8c909a1c6cd689063f8318af2648498f9cf435be19b666aba096f1b2946a75200cacee5a63d705fb545c42a9d6f7a5dbf49d3cd0865467c
- SSDEEP
  
  3072:bqOQcs8pmp5W4J44tDlsAU/UwtRUsUUc2fjRs+DVs+A1+HX5wsOZ4T3EMXckbNGV:bqLl2V7H6sA4bEMXc4VLvTGc
Score

10^/10

asyncrat default discovery rat rezer0
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral10 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

ReZer0 packer

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10