asyncrat | 22c7f23dedc2667904b242348ce36ce7e8aa43c1a1579f86d61c27778e141441 | Triage

Submit
Reports

Overview

overview

Static

static

1

022-CITACI...02.svg

windows7-x64

022-CITACI...02.svg

windows10-2004-x64

Resubmissions

26-07-2024 15:26

240726-sveplszckf 10

26-07-2024 15:22

240726-sr1snszbjd 5

Sharing

General

Target

attachment (2).eml
Size

565KB
Sample

240726-sveplszckf
MD5

abeef636cad0750ce1cd605894f74d4e
SHA1

3dfa8c951855ce1ff5d478c51ac26478d638b544
SHA256

22c7f23dedc2667904b242348ce36ce7e8aa43c1a1579f86d61c27778e141441
SHA512

1b5b9edf8625aa24d36095e2f9ba0807c16ce9eb27506f205a5dbe470a4f44e14277c49d0703b76b2b3a210aab9e8cbe12a079efe4de487dfa471a9a0f936bd2
SSDEEP

6144:/uJpdpClXiN3K6lLMJNc7/HM7zKI3wbaN+cfkFv1Nd2m7v4unOJ1rK:/uJpdWiqNcQ3OFPnA1u

Score

10^/10

asyncrat default discovery rat

Static task

static1

Behavioral task

behavioral1

Sample

022-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-02.svg

Resource

win7-20240704-es

asyncrat default discovery rat

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

022-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-02.svg

Resource

win10v2004-20240709-es

asyncrat default discovery rat

windows10-2004-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

melo2024.kozow.com:8000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
AnsyFelix
install_folder
%AppData%

aes.plain

Targets

- Target
  
  022-CITACION DEMANDA EN SU CONTRA -JUZGADO LABORAL 04 CIRCUITO ESPECIALIZADO EXTINXION-02.svg
- Size
  
  365KB
- MD5
  
  80193d67d0da94a9d928fe4bc5b3a7cc
- SHA1
  
  ec3b1f52e184dd87dfe9ceb2eb5cdca6f96f5dc4
- SHA256
  
  6e6577761b13f6a42f212419a8fcca10f35ab9315f24e9be39c8fc5cdfcfea10
- SHA512
  
  b376e9152c6ec0b45d8e9fa7d4f298a8ddf2d873c3b42b3f7d60704dbef3c7a4967a6e32fef5cd8fa0019bd6176401c2b8fcc0698437c2ae8082bfacb9088957
- SSDEEP
  
  3072:RCkLBpCoMXyV1d/Cl+XlwdgrJGwS4BHKlgeJtonukwUwPsWw5wzwQw6qmPwOhuqZ:RfBpCoK21dE+XlpJGwSsKldhLsuCY
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat

© 2018-2024

Terms | Privacy