asyncrat | 337a0dff907453cd0d54ac5ecf32647e65862a3022c214ddbca0403975536b02 | Triage

Sharing

General

Target

337a0dff907453cd0d54ac5ecf32647e65862a3022c214ddbca0403975536b02
Size

2.8MB
Sample

240816-2dgx3s1dke
MD5

ded1097db12e28f8b14cd2077d0a1039
SHA1

f564162a97cbb5b9061ff37aeede038a0c7011b1
SHA256

337a0dff907453cd0d54ac5ecf32647e65862a3022c214ddbca0403975536b02
SHA512

7e18442ce496faad20ae3c883e936c8e0a282ba4497bb329c301f00dff817b94681510b0504614b549358bc85f7007663bc56c9fe2f9096fbf05a333e0772492
SSDEEP

49152:yUTAlU6Bv0dm6kEh8PmNTUQUft8PX6uEhqnDm/gAARSoWc8oppFi7rJqhL6dnFk8:ymAlHc3hbNYLmPX6uEhqnDm/gAA81Yin

Score

10^/10

asyncrat agosto 16 discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

agosto 16

C2

perezedc95.duckdns.org:4040

Mutex

firewallrtfghyulgsmmkliyrefdswaqbloi

Attributes

delay
15
install
false
install_file
firewall
install_folder
%AppData%

aes.plain

Targets

- Target
  
  337a0dff907453cd0d54ac5ecf32647e65862a3022c214ddbca0403975536b02
- Size
  
  2.8MB
- MD5
  
  ded1097db12e28f8b14cd2077d0a1039
- SHA1
  
  f564162a97cbb5b9061ff37aeede038a0c7011b1
- SHA256
  
  337a0dff907453cd0d54ac5ecf32647e65862a3022c214ddbca0403975536b02
- SHA512
  
  7e18442ce496faad20ae3c883e936c8e0a282ba4497bb329c301f00dff817b94681510b0504614b549358bc85f7007663bc56c9fe2f9096fbf05a333e0772492
- SSDEEP
  
  49152:yUTAlU6Bv0dm6kEh8PmNTUQUft8PX6uEhqnDm/gAARSoWc8oppFi7rJqhL6dnFk8:ymAlHc3hbNYLmPX6uEhqnDm/gAA81Yin
Score

10^/10

asyncrat agosto 16 discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratagosto 16discoverypersistencerat

behavioral2

asyncratagosto 16discoverypersistencerat