asyncrat | cdbadb90de6d5cbdd15f273917be1ba0a17142aa84b3196becafb5c670ec5d28 | Triage

Sharing

General

Target

BANCOLOMBIA LE INFORMA QUE SU CUENTA DE AHORRO ESTA PRESENTANDO MOVIVIMIENTOS INUSUALES VALIDE SU INFORMACION Y EVITE FRAUDES.exe
Size

321KB
Sample

201228-lwb9n16bg2
MD5

24b6a2657a73c3bad64be3b3eadc5ecd
SHA1

5f35c84e24163264be7ccb807d8121695c3b1c4d
SHA256

cdbadb90de6d5cbdd15f273917be1ba0a17142aa84b3196becafb5c670ec5d28
SHA512

55a820b8fa4be1a8313c5ec9d33ab5314635d98428141c52ab62f49441fbf755832ddacf2ec7455c266893fb716803afe319ae5fc9d845055cf97a0d401a74ea

Score

10^/10

asyncrat rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

sdfsdfasdf.duckdns.org:8050

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
MHVDLkAAZAe6m0lVK86hB1WGVmtSHDdM
anti_detection
false
autorun
false
bdos
false
delay
Default
host
sdfsdfasdf.duckdns.org
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
8050
version
0.5.7B

aes.plain

Targets

- Target
  
  BANCOLOMBIA LE INFORMA QUE SU CUENTA DE AHORRO ESTA PRESENTANDO MOVIVIMIENTOS INUSUALES VALIDE SU INFORMACION Y EVITE FRAUDES.exe
- Size
  
  321KB
- MD5
  
  24b6a2657a73c3bad64be3b3eadc5ecd
- SHA1
  
  5f35c84e24163264be7ccb807d8121695c3b1c4d
- SHA256
  
  cdbadb90de6d5cbdd15f273917be1ba0a17142aa84b3196becafb5c670ec5d28
- SHA512
  
  55a820b8fa4be1a8313c5ec9d33ab5314635d98428141c52ab62f49441fbf755832ddacf2ec7455c266893fb716803afe319ae5fc9d845055cf97a0d401a74ea
Score

10^/10

asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2