asyncrat | 5acd74cdab616fc71cee23a87568e746c6aeb45c0a9645c98fa507119781ba5e | Triage

Sharing

General

Target

OrdendeNoviembre.iso
Size

1.2MB
Sample

241104-n75pcazaqb
MD5

7ef77eda09a1081e66497340e6783364
SHA1

42907bdf14571b405fd5073ba746a5565ead014c
SHA256

5acd74cdab616fc71cee23a87568e746c6aeb45c0a9645c98fa507119781ba5e
SHA512

8b32552eed6a5f552d6351b94d1f12523cf17a7e2f93ea07cbd87d42f9b05afb66494d90b6fd619febca910bb62adf86dc562c08195bbc1add41a8c7a2c74812
SSDEEP

12288:MlxHRmQa1wEqTH+nsh1XMav+HaezctT4hZfmg:eHRmcH+meaWFzcts/fF

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:1960

cuit.ydns.eu:1960

Mutex

Ym9duGjX2Yzz

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Orden de Noviembre.com
- Size
  
  552KB
- MD5
  
  4940da1a6d964cc9090584fdb9ff306d
- SHA1
  
  e5be22aa824effd315eac3704dcc8790b0718dc0
- SHA256
  
  d8a9180da33ecaa39821ee77065c78cdf428a2c83afdbfa923e4db651b859961
- SHA512
  
  6febe5992c168273500e081967c648cef21b1f0c9cd0b11bfc16c9e1975fb5bae82cffb732a9baf6c5a38bb5adf5be814eb8ab75ce24be080092190c9d72bf91
- SSDEEP
  
  12288:ClxHRmQa1wEqTH+nsh1XMav+HaezctT4hZfmg:8HRmcH+meaWFzcts/fF
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat