asyncrat | ed96d46674a358fd03d9996721549bdeebaffe1547d0bffa2ffaf08d9289009e | Triage

Sharing

General

Target

3b0e61d6cfe1df9b7406723ce49f605e
Size

479KB
Sample

240530-txpg9sea2t
MD5

3b0e61d6cfe1df9b7406723ce49f605e
SHA1

b796a6c31edd70c485b5590f1639c76e1876deb8
SHA256

ed96d46674a358fd03d9996721549bdeebaffe1547d0bffa2ffaf08d9289009e
SHA512

9134a78f005c5054c0ce8b0be0a4448d3e0717a4df2e07f0b1812a49c90831c65203992632d530e1c03873d2c70caa33482001e76a775cb263d85ce0b99a0c10
SSDEEP

12288:wDR+Sb7gHCN1crY/kcinF6AwyOMQetsOUgGkrNc:4tb7gq1w9FbwyOMBPRGkrN

Score

10^/10

asyncrat danii rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

DANII

C2

danii.con-ip.com:6606

Mutex

jqqkbjyrndewhwcgsq

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  3b0e61d6cfe1df9b7406723ce49f605e
- Size
  
  479KB
- MD5
  
  3b0e61d6cfe1df9b7406723ce49f605e
- SHA1
  
  b796a6c31edd70c485b5590f1639c76e1876deb8
- SHA256
  
  ed96d46674a358fd03d9996721549bdeebaffe1547d0bffa2ffaf08d9289009e
- SHA512
  
  9134a78f005c5054c0ce8b0be0a4448d3e0717a4df2e07f0b1812a49c90831c65203992632d530e1c03873d2c70caa33482001e76a775cb263d85ce0b99a0c10
- SSDEEP
  
  12288:wDR+Sb7gHCN1crY/kcinF6AwyOMQetsOUgGkrNc:4tb7gq1w9FbwyOMBPRGkrN
Score

10^/10

asyncrat danii rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

asyncratdaniirat

behavioral2

asyncratdaniirat