asyncrat | 454e6542260989481f10c1c244b542ab6da99ac2791469df0cdbd7432d602bce | Triage

Sharing

General

Target

31072024_1600_docmenalfodacturas73829768692348692170835691270836599027413856932758493245.zip
Size

2.1MB
Sample

240731-tfvb7awfma
MD5

bb1aa71be97e059a4b0dd593db3c8949
SHA1

b2d0a4a40bc6e7003aaf7a081bf1dfdf4dbd7ed3
SHA256

454e6542260989481f10c1c244b542ab6da99ac2791469df0cdbd7432d602bce
SHA512

a5edf36c44c8737e9c59528195d358c024e3687a2510d9cc840d58c8fa458c7ad26a4992668350413239a77061b9c81e6c6b3c0a66c82d812adc80a4c3108a7f
SSDEEP

49152:i9o5lPYYQPB9YU5mRAWCZnFp5D7xOfQdK/elQWGQXl:i9oDIVoAZ5ZoD/fa

Score

10^/10

asyncrat pista discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

PISTA

C2

pista.con-ip.com:6606

Mutex

uuooxuxbnkywum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  docmenalfodacturas73829768692348692170835691270836599027413856932758493245.exe
- Size
  
  2.1MB
- MD5
  
  78303888fe75caafdb9d0b3ffb358319
- SHA1
  
  a73032f41c5e40869d9bf1e3b61b6e6530389d60
- SHA256
  
  9d93b1d1b9ef2411bd662785156af839101718cedbe60459ac07b709c04cde0d
- SHA512
  
  2f6f91aa5ddacc6c30f944b0dd20fb918083fc3bc508b5a5624970fbd8ac276eee93841c904ae4eacefc0e4aeef4909a8a9154448cf231251bc9d7e8f209ddfd
- SSDEEP
  
  49152:AKGcLGC9pM8jSBheJC/pFptG8TZ7fCPOM:vD9ptSXDxtNLSO
Score

10^/10

asyncrat pista discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratpistadiscoverypersistencerat

behavioral2

asyncratpistadiscoverypersistencerat