asyncrat | 762025b999c0d790df34899084a561d34346b0cfe898c6ddf55a32c9bb483473 | Triage

Sharing

General

Target

Procesp_Fiscal_Interpuesto_N#45678909876.tar
Size

1.6MB
Sample

240605-x451dagc77
MD5

9682343c8ee6263e7e35d43ee74a179a
SHA1

18ec60bf43fc440fe0c8b65a38e532e3a09c61df
SHA256

762025b999c0d790df34899084a561d34346b0cfe898c6ddf55a32c9bb483473
SHA512

5832c3f157a41c7a858d7cccf6f5d597f744360b7a06bcb0014d796e41ac4ae126a23ce61dece265cdb2e513a21f60ccae26ff54e05d2bd8968380dc49b7c2ca
SSDEEP

24576:i8u3nXSTsOWzL1klt33AuRqzlw0Neyrds75HM/Ylkd0DNwlb+6uKBGEMk1Tk:i3nmWn2h2vQQS5HM/Ylkdi8+6lBDMeTk

Score

10^/10

asyncrat 05junio persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

05Junio

C2

diosayudamesenor.dynuddns.net:22207

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Procesp_Fiscal_Interpuesto_N#45678909876..exe
- Size
  
  4.4MB
- MD5
  
  ebaf199243c62cba8aac3fd06782b2ca
- SHA1
  
  aa813ca34907e4ada6726fd9a40bdcf10e7320f1
- SHA256
  
  c62dfb6ab7a11ad5e4a77bf664888013a42477f85c3af874efe07da4293e6a2d
- SHA512
  
  d77504541c68b0a2c807c315b7f506725da7b80979c7e3f61fa6384d9e15735e0d4b329b25fbfe2395e2f8d2928ad8313bcf6d09b20f0e18fcad464a76dd6a73
- SSDEEP
  
  49152:NeIFd/SmMp/luXDffWTCcAt0ZqJEK8AbYMsYzOMsT4jfrn78Ab4BnURnOGI0Nm++:y/UcAt0oJ0A3sYqM9s
Score

10^/10

asyncrat 05junio persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncrat05juniopersistencerat

behavioral2

asyncrat05juniopersistencerat