asyncrat | 94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb | Triage

Sharing

General

Target

94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb.exe
Size

1.7MB
Sample

241112-ww16sa1nen
MD5

5c1202c09bcdddfd51e8f60facada69f
SHA1

202a050ba01b38da95a438f8c2697b3710784d6f
SHA256

94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb
SHA512

3b7a39f7ff6c70da867783f8a4a115301662aba40662fe014c59d98345557efd669a6f176ce0175177441d803a8c078e2d69703e0084a4986528fb6cae3513c5
SSDEEP

24576:kKgB0OYGBDUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFtVTTx9dCqZCf82f3iBLLzZ7y:bgB0BytRFk6ekxRbCqH2aBLFr/O

Score

10^/10

asyncrat fendi discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

FENDI

C2

octubre212024.giize.com:2727

fuertefuerte.accesscam.org:2727

octubre242024.casacam.net:2727

castanojulian1111.chickenkiller.com:2727

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb.exe
- Size
  
  1.7MB
- MD5
  
  5c1202c09bcdddfd51e8f60facada69f
- SHA1
  
  202a050ba01b38da95a438f8c2697b3710784d6f
- SHA256
  
  94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb
- SHA512
  
  3b7a39f7ff6c70da867783f8a4a115301662aba40662fe014c59d98345557efd669a6f176ce0175177441d803a8c078e2d69703e0084a4986528fb6cae3513c5
- SSDEEP
  
  24576:kKgB0OYGBDUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFtVTTx9dCqZCf82f3iBLLzZ7y:bgB0BytRFk6ekxRbCqH2aBLFr/O
Score

10^/10

asyncrat fendi discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratfendidiscoverypersistencerat

behavioral2

asyncratfendidiscoverypersistencerat