asyncrat | 37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d | Triage

Sharing

General

Target

37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
Size

1.8MB
Sample

240524-s9y2ssba91
MD5

dd256157a85a12405cbdf789af1b2442
SHA1

215b9612eec327982a956ada1c5c9ca0cb934b0b
SHA256

37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
SHA512

4e6b8dcc6cf00c85d3a68a412555e370a5d63ee480594e7a7ee6f8289e2873ea4b2860d6e5a7e3bd77ea1c079132ecbf9010bb6e47683c6c49ac640357fee2f3
SSDEEP

49152:P1opHluallLeIfGpD+ePfGaBbVoJLshVGbdMeaLaf:N2HluaDp7WmeJaf

Score

10^/10

asyncrat oro-benditos 2 persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

ORO-BENDITOS 2

C2

krakenstudio061Q.casacam.net:8002

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
- Size
  
  1.8MB
- MD5
  
  dd256157a85a12405cbdf789af1b2442
- SHA1
  
  215b9612eec327982a956ada1c5c9ca0cb934b0b
- SHA256
  
  37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
- SHA512
  
  4e6b8dcc6cf00c85d3a68a412555e370a5d63ee480594e7a7ee6f8289e2873ea4b2860d6e5a7e3bd77ea1c079132ecbf9010bb6e47683c6c49ac640357fee2f3
- SSDEEP
  
  49152:P1opHluallLeIfGpD+ePfGaBbVoJLshVGbdMeaLaf:N2HluaDp7WmeJaf
Score

10^/10

asyncrat oro-benditos 2 persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratoro-benditos 2persistencerat

behavioral2

asyncratoro-benditos 2persistencerat