asyncrat | c0747c10be35b8c1072a360c7759228b17f35d2ec890154020c716d572b00fbd | Triage

Sharing

General

Target

CITACION DEMANDA 04.zip
Size

1007KB
Sample

240426-2vpn9adg82
MD5

dec8ca054f0ed72e4611572e238538e2
SHA1

c35b1ff53ca874c09a0991086382efbdbf131678
SHA256

c0747c10be35b8c1072a360c7759228b17f35d2ec890154020c716d572b00fbd
SHA512

d5f8522c3ef566417b9b925ffe65d2718195b9b3b89daf0dc8d99009f29697229ee55fc6e2d63cba78651b52daf9797b26b955043477b9f30a81ad4afcd26f1c
SSDEEP

24576:rw1DdGn4pfGskCHHkF6l20iF04FVci8o7XVbX5nbpBc:0dGn4wgHEE604FdzpXZbjc

Score

10^/10

asyncrat zgrat default rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

melo2024.kozow.com:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Targets

- Target
  
  CITACION DEMANDA 04.zip
- Size
  
  1007KB
- MD5
  
  dec8ca054f0ed72e4611572e238538e2
- SHA1
  
  c35b1ff53ca874c09a0991086382efbdbf131678
- SHA256
  
  c0747c10be35b8c1072a360c7759228b17f35d2ec890154020c716d572b00fbd
- SHA512
  
  d5f8522c3ef566417b9b925ffe65d2718195b9b3b89daf0dc8d99009f29697229ee55fc6e2d63cba78651b52daf9797b26b955043477b9f30a81ad4afcd26f1c
- SSDEEP
  
  24576:rw1DdGn4pfGskCHHkF6l20iF04FVci8o7XVbX5nbpBc:0dGn4wgHEE604FdzpXZbjc
Score

1^/10
behavioral1 behavioral2
- Target
  
  CITACION DEMANDA/04 CITACION DEMANDA.exe
- Size
  
  446KB
- MD5
  
  485008b43f0edceba0e0d3ca04bc1c1a
- SHA1
  
  55ae8f105af415bb763d1b87f6572f078052877c
- SHA256
  
  12c22ba646232d5d5087d0300d5cfd46fed424f26143a02dc866f1bfceab3c10
- SHA512
  
  402652786daae635c7405f5fa0924d768cbde2086f9f57b10f00f921dec98e37168f5c3a6baa5593ba9a478f3971d32747c517ffd485d25634c924e6b08815b1
- SSDEEP
  
  12288:vK5+DMJA3TAz4plk9iZOOti81N5y1qMIg+GV5Zul3M:y5+DMJA3TAz4plk9ijK1qlGV7ulM
Score

10^/10

asyncrat zgrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  CITACION DEMANDA/ASUS_WMI.dll
- Size
  
  224KB
- MD5
  
  3f109a02c8d642e8003a1188df40d861
- SHA1
  
  f723f38471b8872443aa9177eef12a96c02cc84a
- SHA256
  
  6523b44da6fa7078c7795b7705498e487b0625e28e15aec2d270c6e4a909b5a5
- SHA512
  
  023696a52d48c465ab62e3ee754b445093b8a0ed0a232b430ce1f0db3dae382c9e1fba210c2b04d1018cc29bfb69c546976912f3939a76e98bcb792ae57af0da
- SSDEEP
  
  3072:Y4WuqFgPmBNRP8hXzGXPkW6ZZW8egH1/jQoAg0FubAxZ+051gh9b6q4TQWdO8g:Y9t2nhQ2ZW8ecAOAZCqQWY8g
Score

1^/10
behavioral5 behavioral6
- Target
  
  CITACION DEMANDA/ATKEX.dll
- Size
  
  84KB
- MD5
  
  e68562f63265e1a70881446b4b9dc455
- SHA1
  
  da16ef9367bde3ce892b1a0e33bc179d8acdceb3
- SHA256
  
  c8b16f1c6883a23021da37d9116a757f971fe919d64ef8f9dba17a7d8dd39adb
- SHA512
  
  6bedea10a5b50f6e93e8566c18970c8ad1b8dfc7d5961069fc5d5216dcdded0b2a2ad8dd91f4ad80f8604d573a343c126df238ee5c448cdc26b899077957a674
- SSDEEP
  
  1536:C3zQ0q8XqIh06v0UQpTcX+CZntb9lviEossWVcd+u8Nc15TCvOM:UqhIh06vKpTcX+El2+uKc15TCF
Score

1^/10
behavioral7 behavioral8
- Target
  
  CITACION DEMANDA/AsIO.dll
- Size
  
  120KB
- MD5
  
  24d5874d5403d369ca66a53f4d7c818f
- SHA1
  
  e171a2b0f5189a0f7374ae99e02b1138066d5147
- SHA256
  
  406f0c9c379ac28f1135d8c2aea49d5105782631cbf5259800e19b93813412c4
- SHA512
  
  bdc845f04e300e9ee5db7cd001e7d7dbd8485d94c957d71a9740e98a66ecaa5089257ffb3e25d399763a88b2e20b339505b1282c254dc0d9e44b71fcf7adbc88
- SSDEEP
  
  3072:A1CK0llptaTHfPwr5pm6Qi0ZqaPkyP87vuL:AQbllaborzQtTYvy
Score

3^/10
behavioral10 behavioral9
- Target
  
  CITACION DEMANDA/parkin.eps
- Size
  
  32KB
- MD5
  
  af9ea500e4c4a352a5ea5dc05d675789
- SHA1
  
  b71df8eb127e0b563db8bed136929e2d9b338409
- SHA256
  
  2a2d0100e0ad2f3cbd8dd17a1f13bfac87885b1e91f8178cfd47536f1229524f
- SHA512
  
  ee8df2f4cdf3f812756fd851f49dffc3dbab7f1490426e112449c9d53732f0470cda448f9258804cc29c661c145e67b222da08290a701d310bb29c3974aef2b9
- SSDEEP
  
  768:TzkuLnqH7fAji8QRpEA9aN0ri4gHdHb8K1iYR2m:TzT8fAe8QR7Pri4MVo+
Score

3^/10
behavioral11 behavioral12
- Target
  
  CITACION DEMANDA/riband.ai
- Size
  
  653KB
- MD5
  
  e299bc66495e5c7b49a74c9b10fbf57b
- SHA1
  
  afe89b3a5ee00ad81f914231c57bbb964af0b8b7
- SHA256
  
  21387648cc4294cbf149f7b3b34056e4eaf03260ad19fb9423ab87af820fa557
- SHA512
  
  574002417bf17d1884f7b009531c16467f233b9f32064bb8b229a98336c9038b8ca390d76f68051be84eb5bbd6949df0f81888aa7c3a765762c1966c1ffc8310
- SSDEEP
  
  12288:8QceuGVPyCtDjyQqjlsxNJnatgz+RFJvrllMC4pWnN9J9eAZ7EczfW6ZtW2Z:f5yOn+2s+4FJvYC4SeZ6ZtF
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

asyncratzgratdefaultrat

behavioral4

asyncratzgratdefaultrat

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14