asyncrat | c7d7a2cad0c18406bd0370727549b00ad27c041526e82680e8fddd400c803ec5 | Triage

Sharing

General

Target

c7d7a2cad0c18406bd0370727549b00ad27c041526e82680e8fddd400c803ec5
Size

95KB
Sample

240417-rlmhesch7z
MD5

e1abb7c793a5fa266313e7d66491149d
SHA1

b72e4634074bf6fb54048b9ca74783a212ad76ab
SHA256

c7d7a2cad0c18406bd0370727549b00ad27c041526e82680e8fddd400c803ec5
SHA512

f3f2ef2afa88f6a012ae4f06480e3ac71a4d155727f8ab92d6a023a9318e862d967877794511d8d1697f82dd0638a186da7f526765296cdb14c03cda97df30d0
SSDEEP

1536:yvTe2DLk/n+mDr8/D5prNnopoLoxT+7wj0r4iS1gb50sPxPV4ivquBZi7:mTDLi+m38/D7NnbL7wg0n60sVV/vqio

Score

10^/10

asyncrat asegurar-casa rat

Malware Config

Extracted

Family

asyncrat

Version

| nelsontriana980

Botnet

Asegurar-Casa

C2

subdominiodesub.duckdns.org:1111

Mutex

AsyncMutex_GNhcP0aLwKV1

Attributes

delay
3
install
false
install_file
WD.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2af994c5d5625be98c89248dca5bce26a40debf6b3c7b3b775a5ae916427a18b.exe
- Size
  
  140KB
- MD5
  
  a4ddde2d6e9370b5cc5572f97eb2071d
- SHA1
  
  ee88603b9e64f3af4de73a3a5f6f2676a84dafd8
- SHA256
  
  2af994c5d5625be98c89248dca5bce26a40debf6b3c7b3b775a5ae916427a18b
- SHA512
  
  5174a7bbe499db1e0a2ba944d11e6c70c308265962376a0577f1816f9b88afe185b55fa3a649e722ad753c05d4ccd0a26c3d0dc0a9142a57e5ae850d7912b247
- SSDEEP
  
  3072:FiGpa7x6bEGuXYEzNfRWtA2zvigEyapFS/b6JQ9LaeMR:FiKa7kbwoEZqji9i/6QnQ
Score

10^/10

asyncrat asegurar-casa rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratasegurar-casarat

behavioral2

asyncratasegurar-casarat