asyncrat | 6677437ae63257d73f77e7ee3d16bcec0e8ee6900ac72510bc203e4df2d8f334 | Triage

Sharing

General

Target

01 NOTIFICACION DEMANDA.REV
Size

1.8MB
Sample

240122-wgq29sbfeq
MD5

cf40e0829a73a1cb82e0b02820671061
SHA1

e193b1decdeb0bf7cdc8dae34d7b721a13e65491
SHA256

6677437ae63257d73f77e7ee3d16bcec0e8ee6900ac72510bc203e4df2d8f334
SHA512

9a3a8519479a3df4460f3b8cbe71ca9f5dd3383383efb0b76caa17b17301350d60edd2986ff7b569b8056d13bd5fab2d3152144daa50e58264949244df371324
SSDEEP

49152:V/FRks8F/Wto1wYOiGSky5jJYfA7WSC1734ji2NSw+E3:V/Hks8VueNISb/VWhr4ji2CI

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

poder.kozow.com:8000

Mutex

AsyncMutex_Default

Attributes

delay
3
install
false
install_file
poder.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  01 NOTIFICACION DEMANDA/01 NOTIFICACION DEMANDA....exe
- Size
  
  135KB
- MD5
  
  a2d70fbab5181a509369d96b682fc641
- SHA1
  
  22afcdc180400c4d2b9e5a6db2b8a26bff54dd38
- SHA256
  
  8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473
- SHA512
  
  219c6e7e88004fad9f4392be9a852c58fc43b7f6900e40370991427f37eaea5c18f48d2954f9479dde8bcb787345f4e292d5620add8224aec4d93d7968820b83
- SSDEEP
  
  1536:URLRDTAC1CMoR1CqabJWt7AQFYMGhw1ScCD28v2Vv428fmvxOuw03h9VC:URdV1CMoiqadTQFBGhw1ED28+94hGw
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  01 NOTIFICACION DEMANDA/Register.dll
- Size
  
  1.0MB
- MD5
  
  dd001e7a2f751f6c9e8c40e23307d102
- SHA1
  
  22fdeab3d891334e2e27d970b3a5680d45cb3371
- SHA256
  
  e2b66236119bfea1571f423a721b1c4495b2363a0af83b8ec2ea728b4fdd7d7a
- SHA512
  
  ee9591e952028aab264ed6fa51369bb5c8d7aee4eaf735fd2f78b4559e2d07791d4d9777478d93be9de8952fa70105d9c431a48d380eebe637138fa188d7aae7
- SSDEEP
  
  24576:a0RdvjwJ4ZCWQufs54Quz27j7BS2Nv+4BT8+uCI:bDhTzAj7pXT3S
Score

1^/10
behavioral3 behavioral4
- Target
  
  01 NOTIFICACION DEMANDA/breakage.ogg
- Size
  
  91KB
- MD5
  
  25ceb30a246b5e35393c3014a8458610
- SHA1
  
  30d174a20e735cd86458be23017a5e09ce46e85d
- SHA256
  
  23df8661729e5cd150bc5821f3a3d57d918332c4e34cca70eec6495fcb5582d1
- SHA512
  
  fe80bd336b87818c0e4091ad5d8c0c2a3ec167840072ead2c7533b20318360bc85b71d5b943973fb11018889e06c51042e0ecf7fe903f08487597e93970338ba
- SSDEEP
  
  1536:OUXBvEmQP+ps/USDEW6JA47CgxQqQraU54mR1DQ+XXJGswHw:VvEmQP+pBCElK47CM5Y954h+JGswHw
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  01 NOTIFICACION DEMANDA/fascinator.psd
- Size
  
  633KB
- MD5
  
  b5235767ba1ad2d53106727ea4c165e4
- SHA1
  
  017d9e13ed9f7b25f864341e92357116a6b07c3a
- SHA256
  
  c6e7629d113a64b4a32955df1ac57c15cbafb8aebd3157c11b93124cadd78583
- SHA512
  
  8022f30a202517c1b52cfa58617153901c5a0e6ed45d4373bc0b6e7250be7d60bee9961f257d1b73194805c370b9e007550d8a9c0d091457a0ea306a7790a1a4
- SSDEEP
  
  12288:hrcHzmmm6mXudkUGGlw7q/jDSL+2VFfbasTE:QvdkUBw72qPVdE
Score

3^/10
behavioral7 behavioral8
- Target
  
  01 NOTIFICACION DEMANDA/rtl120.bpl
- Size
  
  1.1MB
- MD5
  
  adf82ed333fb5567f8097c7235b0e17f
- SHA1
  
  e6ccaf016fc45edcdadeb40da64c207ddb33859f
- SHA256
  
  d6dd7a4f46f2cfde9c4eb9463b79d5ff90fc690da14672ba1da39708ee1b9b50
- SHA512
  
  2253c7b51317a3b5734025b6c7639105dbc81c340703718d679a00c13d40dd74ccaba1f6d04b21ee440f19e82ba680aa4b2a6a75c618aed91bd85a132be9fc92
- SSDEEP
  
  24576:GbhVoNWbA1m6z1hGaMopv3RdaK6IPFf0DtDN9Tox0gc:vtQZPTtgc
Score

1^/10
behavioral10 behavioral9
- Target
  
  01 NOTIFICACION DEMANDA/vcl120.bpl
- Size
  
  1.9MB
- MD5
  
  c594d746ff6c99d140b5e8da97f12fd4
- SHA1
  
  f21742707c5f3fee776f98641f36bd755e24a7b0
- SHA256
  
  572edb7d630e9b03f93bd15135d2ca360176c1232051293663ec5b75c2428aec
- SHA512
  
  33b9902b2cf1154d850779cd012c0285882e158b9d1422c54ea9400ca348686773b6bacb760171060d1a0e620f8ff4a26ecd889dea3c454e8fc5fa59b173832b
- SSDEEP
  
  24576:j2gekcIlYas4GaAKBTZTkZbJ7YBRSjr2WLPcgjzTGlyz6F:jRvzfZT3XSmqcOTGc+F
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12