asyncrat

Sharing

Copy URL

Twitter E-mail

General

Target

3413c79e267f2906768a05abceb441e0503d346134b8731a086df0db1be84d90.zip
Size

3.3MB
Sample

240420-bjzrzacd62
MD5

c8c9505202b63e072b6ea03e893c6b90
SHA1

ceeb59e13c4d3a5fdf8c403d5b81e29df24da29f
SHA256

3413c79e267f2906768a05abceb441e0503d346134b8731a086df0db1be84d90
SHA512

020b7dec1d9fdf2019fc24ab4a646bd9c60e10515ed4d9085f8c3372f0ec37dab4a838d1444d04040d2b35df93c8fa08ade6033b13bac28d1484498202ec059e
SSDEEP

98304:AoEMvg5wwWjymKE5+s3qoIp5PkuXRs6vl8:A959W1z7pKPVrt8

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

sostener2024.duckdns.org:2020

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/01Notificacion juridica.exe
- Size
  
  63KB
- MD5
  
  ae224c5e196ff381836c9e95deebb7d5
- SHA1
  
  910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
- SHA256
  
  bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
- SHA512
  
  f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c
- SSDEEP
  
  1536:Wio8DVyYs7JZT0uPXn8OS6sIe3ekT5Z240jSZk:WkhyYIJZT0uPXn8OdsIe3c4Ql
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects file containing reversed ASEP Autorun registry keys
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/glib-2.0.dll
- Size
  
  1.0MB
- MD5
  
  56d98e0fece16c12a176c42dce671436
- SHA1
  
  daefaac6defa8776b47884dfe65fddf28d29018d
- SHA256
  
  0e44fe39011447190766bb28495e9f293acac4274aa561f7a0cf41d62a294aa8
- SHA512
  
  7fe2da1b5b73e8a9bf4e43977e8c88501b63f8f39e585716a4afddc9b78e3d9bb19733505968a5233ae1691a1980cb9052e0e2c58d9bd69599c92d2f39cdbe9d
- SSDEEP
  
  24576:PekMj5RU/KFHOTHRMQMa62jcS/KPDIj5d0HlGQrVmPQk:PekMjoKsRMQ+S/iDIj5d0FLVmYk
Score

3^/10
behavioral3 behavioral4
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/gmodule-2.0.dll
- Size
  
  24KB
- MD5
  
  b0a421b1534f3194132ec091780472d8
- SHA1
  
  699b1edc2cb19a48999a52a62a57ffc0f48f1a78
- SHA256
  
  2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b
- SHA512
  
  ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98
- SSDEEP
  
  384:3yCTiyTIlmltk6yvfEPLS9OeGYDVEiAhbJM8bDmnYPLm6HEGJqUHeMN6B:3yCWyTIlmltTQO87hB3QX/mz
Score

3^/10
behavioral5 behavioral6
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/gobject-2.0.dll
- Size
  
  281KB
- MD5
  
  24a7a712160abc3f23f7410b18de85b8
- SHA1
  
  a01c3e116b6496c9feaa2951f6f6633bb403c3a1
- SHA256
  
  78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8
- SHA512
  
  d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df
- SSDEEP
  
  3072:2OoLt6w1bALJPPcGPXGHv5aHi9IdzMxtcZJPn4/3KLW6QgMFhQZhXMGSQQ8:qLt6w1byk+2H/c8YPn4SLWQMFhQZOQj
Score

3^/10
behavioral7 behavioral8
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/gthread-2.0.dll
- Size
  
  31KB
- MD5
  
  78cf6611f6928a64b03a57fe218c3cd4
- SHA1
  
  c3f167e719aa944af2e80941ac629d39cec22308
- SHA256
  
  dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698
- SHA512
  
  5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c
- SSDEEP
  
  384:Uwu65o6vunfhlfz2bWTQHaFZDGXoM6m2SNqslNkMgq4w8w/nYPLm6HEGJqUHeMYD:Uwfo6vITf3QHanSYM6pUmMDQw/R2Kf
Score

3^/10
behavioral10 behavioral9
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/iconv.dll
- Size
  
  1.1MB
- MD5
  
  862dfc9bf209a46d6f4874614a6631cc
- SHA1
  
  43216aae64df217cba009145b6f9ad5b97fe927a
- SHA256
  
  84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b
- SHA512
  
  b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8
- SSDEEP
  
  24576:JkfXHfBlcKu6Gavkg3Nyp+bbbf4IBAUZLYN:JIX/cKu6GaX824IBAUZLYN
Score

3^/10
behavioral11 behavioral12
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/intl.dll
- Size
  
  87KB
- MD5
  
  d1a21e38593fddba8e51ed6bf7acf404
- SHA1
  
  759f16325f0920933ac977909b7fe261e0e129e6
- SHA256
  
  6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e
- SHA512
  
  3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e
- SSDEEP
  
  1536:R3P7SvYgvNf+ZSz6wHFK1XErzMfb2z/oMJtEZMGG3:RjGYgvNf+ZSzJlK1XErzMfb2z/oMbEOV
Score

3^/10
behavioral13 behavioral14
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/peso.html
- Size
  
  542KB
- MD5
  
  edc62d1f87294f9aeca90611d95c86aa
- SHA1
  
  704b78b63d715883909bd79ae76ed556f9012152
- SHA256
  
  7403eb14baabad6a67a8a57270b31e88df24b417f074c08b08264b648fe846bd
- SHA512
  
  f8d7c9eac84874618d951be214f49971c6576e7ba96cc5bf239e06335a5121249ae5c2dc486b92efb29c0450b5b0496959ea3e16086c1a15032040e78224ef98
- SSDEEP
  
  12288:JVdNJwUrqUw5hnJmXCMmc5ffUyDvlaY+ju5AeI/ZQAyB:79wUrE5hkykffUyi9aAyB
Score

1^/10
behavioral15 behavioral16
- Target
  
  NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/vmtools.dll
- Size
  
  617KB
- MD5
  
  65c3c2a741838474a592679cda346753
- SHA1
  
  043d80766dd4e49d8dca6ac72b04e09b5491fdc9
- SHA256
  
  4e5f2c54d9ecfe48999edfcce0de038948f8b20ff68e299c55d9a2d6f65713e8
- SHA512
  
  e5d8b308586ffa914f46b6766217eb12ad759853d25108db06170b870d0e8947e2befabc2843f76cb864b0f0135a8f2163b7c93fe644b293789919d1d07c4079
- SSDEEP
  
  12288:uxox5+Qg/YYhflIuPj6sya8/TfOMCEB/15/Cyz0NSwsIEmotaAJW:uCxg5/YYhfmXOdQ15/CyYNSXIE1tJW
Score

3^/10
behavioral17 behavioral18
- Target
  
  NOTIFICACION_JUDICIAL/Winzip/winzip28.exe
- Size
  
  2.8MB
- MD5
  
  45127d1c6f547c83594670ecb9ecb47a
- SHA1
  
  a7b598bea251eb08df05252b2cacebc685dc3067
- SHA256
  
  9ab7364f46747dfeece441fbf8c9b04bb7531484fcaf1052cd1dc080d79b0dcc
- SHA512
  
  ecc5f5eb765aaf4486536ec3052a2e9801d3fd0c69a9dbe608e91ff7358cf823d45d70517a70a780b0654d4b7c1cac2d414d1875350099fc266fae74fcae3c5a
- SSDEEP
  
  49152:xM7Yh3k3h4u3jGpIpp9R9rWY/zypyAxD37/+TIgjTt/77bpvl+SgRQ:UYh04u3qpIppf9vupd+TI6t/771vl+S/
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects file containing reversed ASEP Autorun registry keys

Suspicious use of SetThreadContext

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20