asyncrat | 25cde0a920664811bb924b2b96f14624fc74405edab173082202092c60eeedcc | Triage

Resubmissions

13-11-2024 01:24

241113-bspy5atkdy 3

13-11-2024 00:34

241113-aw7snsxjgj 10

Sharing

General

Target

Fallo_Fiscal_Procesado_N°_49298490.tbz2
Size

1.2MB
Sample

241113-aw7snsxjgj
MD5

08a6cbf3bdd42f2b57737b164438c7fe
SHA1

5ca89e52229e0c24ec29136c3807e58c10078cb3
SHA256

25cde0a920664811bb924b2b96f14624fc74405edab173082202092c60eeedcc
SHA512

27d08db366dd5f06a2d64563773d7a53785a6f6c8daeb596aa8dc3b475263943157eae1ffddfc59c734334b1d49d4ace5dcbc846c3e36686b6decbcc6226a63b
SSDEEP

24576:lqvFaPvQsLkNyVHXacxN58LX+JAsGvntINJiqkX32qgJFE9MA2MnJ2BG:lqYg1GHtg93fo5vJK9HTnJ2BG

Score

10^/10

asyncrat actualizado-12 discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Actualizado-12

C2

Mystudio201.casacam.net:8853

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Fallo_Fiscal_Procesado_N°_49298490..exe
- Size
  
  3.9MB
- MD5
  
  d704a3b9b1723e18a91ae6e917b5f769
- SHA1
  
  b18dcd9dc942d974e8badf15534ba20c753c2c1e
- SHA256
  
  9760ed948875361bb2d249211a5c08a5301278ea11a82bbd06baf05e1429ccbb
- SHA512
  
  1fc5033b0174ccad3a6e92ee15b26f234df377ca1b1ac1eb41993da38d7649f3a6ab2ddcb294b839238fbc3250556ce6c89e3b51878eb10ae98353b158b7c1a3
- SSDEEP
  
  49152:gWGtLBcXqNDR6SVb8kq4pgquLMMji4NYxtJpkxhGjI4THa333OJCXHUPWHUbxdFF:EtLudqgwh4NYxtJpkxhG8333LX0P9v
Score

10^/10

asyncrat actualizado-12 discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratactualizado-12discoverypersistencerat

behavioral2

asyncratactualizado-12discoverypersistencerat