asyncrat

General

Target

sinpass.zip
Size

2.9MB
Sample

240722-qj13csyfre
MD5

a53b37ac9c68e4df8889e711ebdb0f10
SHA1

255c10af475d930354b76af4e74bd814a38d5bf2
SHA256

6690c8fe22bef50e4ea21298c3dffee89f2d89cd2b2fc91c06c25bde5f0b549d
SHA512

2d56176e7dcf980841e6874c595d7631ca82df13adb2a51d685b5d2c7328e95c46565d01bcfffd32d75019eaa6e1b8e042a4f7ead03911645939c1a4e50aae51
SSDEEP

49152:EltKKst6KiTaibm9iGW2j/ZMmfpRkaft/7IJE8uishSVcTgR7+Xu9xQp/3FOtTV/:EbbsPOSlW2j/+mfpW6EJEIoxsR7tEl1q

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

juanjuan20231.kozow.com:2107

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  zip_contents/01 CITACION DEMANDA.exe
- Size
  
  3.1MB
- MD5
  
  b841d408448f2a07f308ced1589e7673
- SHA1
  
  f5b5095c0ed69d42110df6d39810d12b1fa32a1e
- SHA256
  
  69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699
- SHA512
  
  a689734048109ab7bec9491bbb7781686c19c7885166b3ca2975e2f49e956fcc388cd8ca85a4e5a8bf9efe6056f1e0d80197b7f521d4f0d4cadb10ba9ef1fa93
- SSDEEP
  
  49152:pvFg5qg9BtIAHE3SM4ahx6LK2SamuZob+tCjNrv8:Jm5qGBHBLRKuZfkjNrv8
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  zip_contents/madHcNet32.dll
- Size
  
  921KB
- MD5
  
  2ba4099eb6fbac4eaae2d6dfe71b4e18
- SHA1
  
  fb6c32e1589cfa0121e15606932671f27ee963be
- SHA256
  
  8bd3edbf027972636bdb4cbb46037f0be98ca233e19b003e860af0bd7526a0ac
- SHA512
  
  953fe3a3328b871aac6ba9ce1242efa8e9d567f50eb22b3afee549ec9a83192b61ee479ddae44a5a63ee6594e8a73afda521f538f2e5eb750c15a00541864241
- SSDEEP
  
  24576:DlUbWq3/gquYUJ4Vgv0eUnDaE0eyxfcT9D:ZUR4quYUJ4VgceXE0ZxfAh
Score

1^/10
behavioral3 behavioral4
- Target
  
  zip_contents/mvrSettings32.dll
- Size
  
  1.0MB
- MD5
  
  d168f18b79f9f33690f011d1deb1e7cf
- SHA1
  
  cf0d984ce101ec274e65e88fae07daeb26de5a6d
- SHA256
  
  b7d3bc460a17e1b43c9ff09786e44ea4033710538bdb539400b55e5b80d0b338
- SHA512
  
  bbf085bcbc3c1c98caba95bdf48051bac18bbd1b7314c7bb55b56e3d423fb34758cc239c237091486cc466123bf02844eaac3b4435cb535af25dc2bca625af71
- SSDEEP
  
  12288:1wsE8YWuTCipwKm3ZCdX+y0Cg57ZrVmK5UhYX5NN/u3ZeEb+LJkguVl1Y1e:XIWuFKKVuig5jZ5xX5P2bKyguJf
Score

3^/10
behavioral5 behavioral6
- Target
  
  zip_contents/unrar.dll
- Size
  
  304KB
- MD5
  
  851c9e8ce9f94457cc36b66678f52494
- SHA1
  
  40abd38c4843ce33052916904c86df8aab1f1713
- SHA256
  
  0891edb0cc1c0208af2e4bc65d6b5a7160642f89fd4b4dc321f79d2b5dfc2dcc
- SHA512
  
  cdf62a7f7bb7a6d511555c492932e9bcf18183c64d4107cd836de1741f41ac304bd6ed553fd868b442eaf5da33198e4900e670cd5ae180d534d2bd56b42d6664
- SSDEEP
  
  6144:e2Gk6wDaKov/5qrawOZI8uN0f/UVvN3MwdZFmiVFC+OEu:e2GkNo35qrawqmG/yM8PmiO+Ol
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8