asyncrat | acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c | Triage

Sharing

General

Target

acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c.exe
Size

3.6MB
Sample

241113-c9qgnavhlj
MD5

6e8ba787b170e324a5b096c27afd69a3
SHA1

9220ffdfba5cc4c8efda49ab03fd9e3dfa5104aa
SHA256

acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c
SHA512

99e80b34ad7eeb06121b14458d57aa9efcb245edd60e5f1d96134938ad929bf9a7de0911c4561451698a4d4fc07ac66e42635f5c41ea0afb61d357f0310d8f7c
SSDEEP

49152:iWGtLBcXqqR6SVb8kq4pgquLMMji4NYxtJpkxhGjI4TbG333geTIZw2r6TUV:OtLu0qgwh4NYxtJpkxhGQ333geTCFv

Score

10^/10

asyncrat fuegooo discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

FUEGOOO

C2

octubre212024.giize.com:2525

fuertefuerte.accesscam.org:2525

octubre242024.casacam.net:2525

castanojulian1111.chickenkiller.com:2525

uego.con-ip.com:2525

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c.exe
- Size
  
  3.6MB
- MD5
  
  6e8ba787b170e324a5b096c27afd69a3
- SHA1
  
  9220ffdfba5cc4c8efda49ab03fd9e3dfa5104aa
- SHA256
  
  acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c
- SHA512
  
  99e80b34ad7eeb06121b14458d57aa9efcb245edd60e5f1d96134938ad929bf9a7de0911c4561451698a4d4fc07ac66e42635f5c41ea0afb61d357f0310d8f7c
- SSDEEP
  
  49152:iWGtLBcXqqR6SVb8kq4pgquLMMji4NYxtJpkxhGjI4TbG333geTIZw2r6TUV:OtLu0qgwh4NYxtJpkxhGQ333geTCFv
Score

10^/10

asyncrat fuegooo discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratfuegooodiscoverypersistencerat

behavioral2

asyncratfuegooodiscoverypersistencerat