asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

NOTIFICACION_PROCESO_FISCAL.zip
Size

1.6MB
Sample

231206-3yr48agcam
MD5

8425a72b33d7542a61df6128452e0bf1
SHA1

ab00140888628fed62f025f22e6dde92569bfad9
SHA256

42cd003d51ecbce1731e918f8e46decce104c22d65a2473206117c9067b0996c
SHA512

21617ffbafdb696fc1452a043df7b53b62cd1799746a9f492a2f3da6a6261426c02c193122949721426e2f7393112be5d97ecc82597dc1a19d3cdeeb540c6506
SSDEEP

49152:MTnLVUqViPaCcUJfWUAfS+2Qn5FiBXN+cHvxXZ:kUqIPa0JuUdly5FiBIqJ

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

lila152512.duckdns.org:1234

Mutex

AsyncMutex_Default

Attributes

delay
3
install
false
install_file
poder.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  #6 NOTIFICACION PROCESO FISCAL..exe
- Size
  
  20KB
- MD5
  
  9329ba45c8b97485926a171e34c2abb8
- SHA1
  
  20118bc0432b4e8b3660a4b038b20ca28f721e5c
- SHA256
  
  effa6fcb8759375b4089ccf61202a5c63243f4102872e64e3eb0a1bdc2727659
- SHA512
  
  0af06b5495142ba0632a46be0778a7bd3d507e9848b3159436aa504536919abbcacd8b740ef4b591296e86604b49e0642fee2c273a45e44b41a80f91a1d52acc
- SSDEEP
  
  384:Damtvzlx5v02RIDauMTnxOn6sGCYJLW7wycJbi6jc:D7Jv0qpukxO6s6Lhbimc
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Microsoft.VC80.CRT.manifest
- Size
  
  1KB
- MD5
  
  d34b3da03c59f38a510eaa8ccc151ec7
- SHA1
  
  41b978588a9902f5e14b2b693973cb210ed900b2
- SHA256
  
  a50941352cb9d8f7ba6fbf7db5c8af95fb5ab76fc5d60cfd0984e558678908cc
- SHA512
  
  231a97761d652a0fc133b930abba07d456ba6cd70703a632fd7292f6ee00e50ef28562159e54acc3fc6cc118f766ea3f2f8392579ae31cc9c0c1c0dd761d36f7
Score

3^/10
behavioral2
- Target
  
  Microsoft.VC80.MFC.manifest
- Size
  
  2KB
- MD5
  
  f1bb778577cfb1e45adfbb2eaaad7f58
- SHA1
  
  171b0121b165b701482f96b02e7adffd6c799fce
- SHA256
  
  53b6cdab4a829674082048606a65111a2d6ac3a1b2bcfb8be34d8296590d42de
- SHA512
  
  4d125d773a3dd6a0cb755b69053f7d305de03c3fa9854a87a9ecf504c23c8c37ba3fe533b0cd45762b340e6b8065d33bf7280a76376077fb734eae52f950249d
Score

3^/10
behavioral3
- Target
  
  Microsoft.VC80.MFCLOC.manifest
- Size
  
  1KB
- MD5
  
  526c8811d11c65f7ebca8d5f38421188
- SHA1
  
  f964cc250e326101f636a6293ecc710761ef7ccf
- SHA256
  
  571af1ea18ca3f68c321975e7b1a1146b00dfa9349d5711a30c7cf89045a6a1a
- SHA512
  
  42e328781bfff24112d6d9c2a84cf2de95dc9767b8b4dd8b6de099722c236350401e483c2710196dd7092c5b9a03f65a6938dd680e5a2cbbc288a6344f950929
Score

1^/10
behavioral4
- Target
  
  http_dll.dll
- Size
  
  883KB
- MD5
  
  deac278cd34bcf4ac1596ed27a7400b5
- SHA1
  
  a19cc9b06bb61efb143a6f8dd0761e0a41c36394
- SHA256
  
  7eb439f5da221a3f4978131b2acfe1ac80708654e693874e0b81ccf25600e7f3
- SHA512
  
  0245bf0c694f64726d72354af47b9ea3e2edec45c69705d620e526aa44eb373aff33b23803b0b1eec1b85e3de267551dcf76e5ce7514d1e9430fffd9e1b3006a
- SSDEEP
  
  24576:Wzq6uStsPOf+2nVWeqnm5dVjPiV95Myq15:Oq/GbVWCP9yq15
Score

1^/10
behavioral5
- Target
  
  mfc80u.dll
- Size
  
  1.0MB
- MD5
  
  686b224b4987c22b153fbb545fee9657
- SHA1
  
  684ee9f018fbb0bbf6ffa590f3782ba49d5d096c
- SHA256
  
  a2ac851f35066c2f13a7452b7a9a3fee05bfb42907ae77a6b85b212a2227fc36
- SHA512
  
  44d65db91ceea351d2b6217eaa27358dbc2ed27c9a83d226b59aecb336a9252b60aec5ce5e646706a2af5631d5ee0f721231ec751e97e47bbbc32d5f40908875
- SSDEEP
  
  12288:wsaHmJ//R12t2PdMvWxMIQ1zoKyK0ivyHCJKjswl/KY6oQy3AmgVk2YDFpR7m81H:KHmJ+tKtxMIQNmCcjswl/KYh/2YFnb
Score

1^/10
behavioral6
- Target
  
  monokini.iso
- Size
  
  517KB
- MD5
  
  c86de9583cb940fc0f859b6bd80774f4
- SHA1
  
  af33f62c2a9734a387638e6bf6e97dd7ad5e6732
- SHA256
  
  2c83d90551a91ad60ec36a525821c4f89f41af1ceae22719189307222a8ac824
- SHA512
  
  4cf971d0363a6aa62eb0cb43c9b4c3ad620ea97af26c81877d33182283c7cac5e4c5e6178869fefd46838121395261d2ceeea5e102b0db74f94bbbf846e09d42
- SSDEEP
  
  12288:7wrSHsJdzh9E5Uo4ZXZRJqVXBExXRk0U8mc+jpW:lHsJdzihWJrq0DUtLjpW
Score

3^/10
behavioral7
- Target
  
  msvcr80.dll
- Size
  
  617KB
- MD5
  
  1169436ee42f860c7db37a4692b38f0e
- SHA1
  
  4ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3
- SHA256
  
  9382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46
- SHA512
  
  e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0
- SSDEEP
  
  12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo
Score

1^/10
behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Async RAT payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8