asyncrat | 5537f58e3c041fb2fbee1b76c17fe2cfb64be64e9ff6ef47e4a8f84018605b4a | Triage

Resubmissions

20-07-2024 16:25

240720-twypjsvgjp 10

20-07-2024 16:23

240720-tv4jeatdpg 10

20-07-2024 16:19

240720-tsxyvavfmp 10

Sharing

General

Target

simas1.rar
Size

1.6MB
Sample

240720-tsxyvavfmp
MD5

d7ee856c4065ebe3f8b304efdb08668d
SHA1

7fdcce3977161ee609780abff8c93bb01cafaa73
SHA256

5537f58e3c041fb2fbee1b76c17fe2cfb64be64e9ff6ef47e4a8f84018605b4a
SHA512

342631cb921992403c49044a9e39affed3c38447941d9bbf2fbc5179d66902f700a63c4390b85f830d757bf2776d31e2170d01ff22f2c3e6230360adc31f598d
SSDEEP

49152:4HEZ3G/y3/PHHV6wEgVLReYj2HN6UF54amm8ngy4SuQz:DZx3F6wnNeYj2EUFaaIf04

Score

10^/10

asyncrat enviojulio persistence privilege_escalation rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

ENVIOJULIO

C2

hiperconection.duckdns.org:3030

Mutex

PRMBSRGT0kqWhLMuk3qtRg

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  simas.exe
- Size
  
  633.6MB
- MD5
  
  9e2c7292e4208894e629e695f976e19b
- SHA1
  
  e0193cd527a71d67bdd2440d1ac98065c9b0520d
- SHA256
  
  6bf7e2913edbb6a8fa67849bb7fe7a15b3514da1bcc387e85954ed1315fd5e6f
- SHA512
  
  a160ed48087b0e7df07d2fb7ac0e7f61b371b17eff74ba4f6059bc210045183c0be51884055a19e5747292f8e578ea0749665e34cb3cf0eeb35d1759b6381d30
- SSDEEP
  
  98304:wmJVD97VAOltrWJP8SDUTYAA56RoeXN3cJvPd4Fm0fP0:wmJ7hAatrWJP8S+YAfSkN+vPji0
Score

10^/10

asyncrat enviojulio persistence privilege_escalation rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratenviojuliopersistenceprivilege_escalationrat

behavioral2