asyncrat | 6223e05abb8fda88b2cb2cc3a18199f1781db887d39f77426d9fce6579a97670 | Triage

Sharing

General

Target

ACTA DEL EXPEDIENTE N° 4528-2932-22.exe
Size

1.5MB
Sample

240722-swsymavaqg
MD5

af378b7909440034d7400a16d28675fe
SHA1

c10fa3770480f1147a230130802e60916a2bb459
SHA256

6223e05abb8fda88b2cb2cc3a18199f1781db887d39f77426d9fce6579a97670
SHA512

a0d9cc46b4f3e87cca6a5dc7f6ba14b026864556282e824b3d179a0bd241829b773aa9ed52d6b949ecfe330a40dd1b8a26c88c25ba665d5bab3a0d4ec00b3754
SSDEEP

49152:0i0mLW8TZ70RwLL3mMjrQE0gGp03TGFeJgc8XtJrYtVdZTROwF8NRLdCg4g6e3di:5B32MoNgfTScMJxKbL5Yo

Score

10^/10

asyncrat njrat julio 16 nyan cat persistence rat trojan

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

julio 16

C2

linternadc24.duckdns.org:2222

Mutex

windowsnfdvfgdjsllcpqwaxvmnvgddwqgxz

Attributes

delay
10
install
false
install_file
windowsfender
install_folder
%AppData%

aes.plain

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

desquare27.duckdns.org:6060

Mutex

b54424da43d94f

Attributes

reg_key
b54424da43d94f
splitter
@!#&^%$

Targets

- Target
  
  ACTA DEL EXPEDIENTE N° 4528-2932-22.exe
- Size
  
  1.5MB
- MD5
  
  af378b7909440034d7400a16d28675fe
- SHA1
  
  c10fa3770480f1147a230130802e60916a2bb459
- SHA256
  
  6223e05abb8fda88b2cb2cc3a18199f1781db887d39f77426d9fce6579a97670
- SHA512
  
  a0d9cc46b4f3e87cca6a5dc7f6ba14b026864556282e824b3d179a0bd241829b773aa9ed52d6b949ecfe330a40dd1b8a26c88c25ba665d5bab3a0d4ec00b3754
- SSDEEP
  
  49152:0i0mLW8TZ70RwLL3mMjrQE0gGp03TGFeJgc8XtJrYtVdZTROwF8NRLdCg4g6e3di:5B32MoNgfTScMJxKbL5Yo
Score

10^/10

asyncrat njrat julio 16 nyan cat persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratnjratjulio 16nyan catpersistencerattrojan

behavioral2

asyncratnjratjulio 16nyan catpersistencerattrojan