asyncrat | 54c06f73257dcc2bbc4a3f45a024cedf51f1f06b2893237377bef66c16f4e56f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ausado_Fiscal_N°_539547852.tar
Size

804KB
Sample

240416-3ex65aha31
MD5

190ac2d22e5c5374fa01e93313856ede
SHA1

7fa7aea5a19fdf2b698e2f80a2b8cf33b2329bce
SHA256

54c06f73257dcc2bbc4a3f45a024cedf51f1f06b2893237377bef66c16f4e56f
SHA512

ae4cc44a83462247cc80c181dfeb9f0927537e7b03003b921c2ba232b5f2e40700408d07fee19764c0bcd97bc246c19396bcef4f943617998433710e57da9f72
SSDEEP

24576:NlvWix+eB9L7BuQvT9oh7Utn6vIa20calSb6N/m:Nlt+eB9Lxv5oh7Utn6v920GZ

Score

10^/10

asyncrat 16- abril-ivan rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

16- ABRIL-IVAN

C2

vpsy6s.mysynology.net:2203

Mutex

GNhZXSsXwKV5

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Ausado_Fiscal_N°_539547852..exe
- Size
  
  1.9MB
- MD5
  
  8d3e7a96486cd9edeb9a22c1752d887c
- SHA1
  
  c725164a9a588b8ed7608fb38a5595cd9e06f573
- SHA256
  
  1fd4779aa6c191eb618ba6507af331ff16576ef54b73ac8d5f9293e21006abd0
- SHA512
  
  6ec4fc6f3f5fdf7348758c664151bbdaedd76de01db042163ec6e106287598f9bb5e2a95a35d71de9497919fd88f25649de0a8367ce78067336eb4ef291dedb6
- SSDEEP
  
  49152:uZ/OA5hwEGrI1IYdK6dXELnT2cSg1/3brvri:7AzGrI1IOK0XELni1yrPi
Score

10^/10

asyncrat 16- abril-ivan rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

asyncrat16- abril-ivanrat

behavioral2

asyncrat16- abril-ivanrat