asyncrat

General

Target

4649f13924470f61ed64eaac0d2e0367ec8038bc63a3043ace3c77c562130cbc
Size

1.1MB
Sample

241017-ssftwswcqn
MD5

3b011c43c3242a2e4092e69c192c1ce1
SHA1

5efa676dcd98670e516a6c373375a879a55da138
SHA256

4649f13924470f61ed64eaac0d2e0367ec8038bc63a3043ace3c77c562130cbc
SHA512

598aebf617b8084088d16fdf402e36cf9a49a5bf44f0e9f86478370a1d5a270da535a667a20fa555273c69d70f026f5c3c9b9a405b0a88b6b52fba899e682f7b
SSDEEP

24576:WI0aU4+wdykkFn0htYjl7zZuQNzMt8zuR3RsNpiDL:WIFU4zMXIYtoiCM4sv6

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

envio1206.duckdns.org:3030

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  1654-INICIO DEMANDA LABORAL JUZGADO CIVIL DEL CIRCUITO DE RAMA JUDICIAL/01 DEMANDA LABORAL.exe
- Size
  
  1.6MB
- MD5
  
  8f0717916432e1e4f3313c8ebde55210
- SHA1
  
  41456cd9c3b66cfb22f9bbeefb6750cce516bf3a
- SHA256
  
  8dc4d5deef19fb4da195c270819a6ee283b67408fc9ee187216a0ce80ee61bab
- SHA512
  
  d1c4696541ec1d8d44e820902828bfbbd16afbb9c4a251080fc62262fbf879b268ed0fff80ea84aacdc58f424c516a979bb8fa82f0dfe920d71cad92f17bcfee
- SSDEEP
  
  12288:N2EDigMo6E50Hmy00qEEmxnA7ECCXuiAK6xXHDJBIMQV2:bFaky0wEmxAQCCXuiA3XH8N2
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  1654-INICIO DEMANDA LABORAL JUZGADO CIVIL DEL CIRCUITO DE RAMA JUDICIAL/MpGear.dll
- Size
  
  592KB
- MD5
  
  8d6de42f1495eb5f487dd5bab8e97038
- SHA1
  
  dd9b13c03c8db0a2368f7dccaf4081b82bfa2a7b
- SHA256
  
  2625ad5e5176eeec5f91152d8b5fbdde2cb96fec11b6bf2a5dc4d09f03b381d9
- SHA512
  
  54424a71f2fe3d9d411ec30f5ae31aeed2d6637e06625273cee5c228c587e537892c78a5d984479d60b2791fd8e2083e7ef3e5a0cc11ae4b330152d8e033f93f
- SSDEEP
  
  12288:n5Lc3KeIaZ+dwGbzSifdYndE7sjXj8cjb+DYtYP:5LcbIaIxzSwKdfjXjBv8Y
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2