asyncrat | 6e6577761b13f6a42f212419a8fcca10f35ab9315f24e9be39c8fc5cdfcfea10 | Triage

Submit
Reports

Overview

overview

Static

static

1

78-CITACIO...54.svg

windows10-1703-x64

Resubmissions

26-07-2024 02:34

240726-c2n9matgqc 10

25-07-2024 23:17

240725-29tlravajg 10

Sharing

General

Target

78-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-54.svg
Size

365KB
Sample

240726-c2n9matgqc
MD5

80193d67d0da94a9d928fe4bc5b3a7cc
SHA1

ec3b1f52e184dd87dfe9ceb2eb5cdca6f96f5dc4
SHA256

6e6577761b13f6a42f212419a8fcca10f35ab9315f24e9be39c8fc5cdfcfea10
SHA512

b376e9152c6ec0b45d8e9fa7d4f298a8ddf2d873c3b42b3f7d60704dbef3c7a4967a6e32fef5cd8fa0019bd6176401c2b8fcc0698437c2ae8082bfacb9088957
SSDEEP

3072:RCkLBpCoMXyV1d/Cl+XlwdgrJGwS4BHKlgeJtonukwUwPsWw5wzwQw6qmPwOhuqZ:RfBpCoK21dE+XlpJGwSsKldhLsuCY

Score

10^/10

asyncrat default discovery rat

Static task

static1

Behavioral task

behavioral1

Sample

78-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-54.svg

Resource

win10-20240404-en

asyncrat default discovery rat

windows10-1703-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

melo2024.kozow.com:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Targets

- Target
  
  78-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-54.svg
- Size
  
  365KB
- MD5
  
  80193d67d0da94a9d928fe4bc5b3a7cc
- SHA1
  
  ec3b1f52e184dd87dfe9ceb2eb5cdca6f96f5dc4
- SHA256
  
  6e6577761b13f6a42f212419a8fcca10f35ab9315f24e9be39c8fc5cdfcfea10
- SHA512
  
  b376e9152c6ec0b45d8e9fa7d4f298a8ddf2d873c3b42b3f7d60704dbef3c7a4967a6e32fef5cd8fa0019bd6176401c2b8fcc0698437c2ae8082bfacb9088957
- SSDEEP
  
  3072:RCkLBpCoMXyV1d/Cl+XlwdgrJGwS4BHKlgeJtonukwUwPsWw5wzwQw6qmPwOhuqZ:RfBpCoK21dE+XlpJGwSsKldhLsuCY
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

© 2018-2024

Terms | Privacy