asyncrat | 864f4711e2a0bd7de0f0c58916ba9342230d433c187c9719d1a9a99eba3852bc | Triage

Sharing

General

Target

COMPROBANTE DE PAGO APROBADO DETALLE DE TRANSACCION.rar
Size

305KB
Sample

221201-zmr4asad82
MD5

bf2be54fedc5eea9b0d63ab4dfab971c
SHA1

8e405e517844677d125f1384cd8fd5017e90ac9a
SHA256

864f4711e2a0bd7de0f0c58916ba9342230d433c187c9719d1a9a99eba3852bc
SHA512

bf6f34310e8294c3c5beeb7195e2464f2dd2c5be602b61a607bfee1ef183ebc126fdaeff8fff070dff48548c29ad89af0ea79737a5c1a4a283b25fc084da038b
SSDEEP

6144:9qYBl+HwlP5NVzPvHMfcxtXS9TVQzpW6vO907BwmCaH3zYRRmVkJlvslIOj5:9IQlRLz0fcTCYtRB1wZaXzYRRmKJxlO1

Score

10^/10

asyncrat default persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

fghnmvhdf.duckdns.org:8026

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  COMPROBANTE DE PAGO APROBADO DETALLE DE TRANSACCION.exe
- Size
  
  308KB
- MD5
  
  cc1da12c3dffa8d739dd38ea0290605f
- SHA1
  
  d317615f2b6b2e99ececbbca0aaeb5fbb17abaaa
- SHA256
  
  690bbaeafc4bbb8d02769107e2e5c3d37e1c7091bb78d046d15e0ac2453b2cff
- SHA512
  
  1f33bb748f83910448b8c62f2ca2ce29592abcb76c98c995633b20d05dc81589570fbb23daca3377a51be0d96497447f37a33a7ef6ab0e4586030d333318d201
- SSDEEP
  
  6144:1f/NsqcrocCkiKEFd0yozyFgKOviq/Tlh7XuSVp7KPeyn9PwWP8m2A1:xIxE3c8gVvjTXeOePliXa
Score

10^/10

asyncrat default persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultpersistencerat