asyncrat | 7b46541f979403e9c84207362d80b60600812a5734ca97fa3d53234f3f7e2af2 | Triage

Sharing

General

Target

CamScanner#007121120241524000.Tgz
Size

1.2MB
Sample

241113-ve1m9awanh
MD5

cc98e81f4228aa9e30ec1b5eb2c14eab
SHA1

f2c6492045673701a9cb2547f6d510b37458a61b
SHA256

7b46541f979403e9c84207362d80b60600812a5734ca97fa3d53234f3f7e2af2
SHA512

90bca8cb40c1a4a395c98b71199a245cdf5335f34f7d38b37828d6933d759f6bec10de5c368ee089a40bc4dd5a3ea725123f19405b13f782aa6114d9dfc6886d
SSDEEP

24576:bL3KSefuVUpBGimCPW/+guAAMEKZaqzbMv8qecADDKMAxidz5igX:bL3KZfMoB3mD/0AmqvMkPc8KBWNV

Score

10^/10

asyncrat noviembre12 discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

noviembre12

C2

peinadorafael779.duckdns.org:2020

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  CamScanner#007121120241524000.Tgz
- Size
  
  1.2MB
- MD5
  
  cc98e81f4228aa9e30ec1b5eb2c14eab
- SHA1
  
  f2c6492045673701a9cb2547f6d510b37458a61b
- SHA256
  
  7b46541f979403e9c84207362d80b60600812a5734ca97fa3d53234f3f7e2af2
- SHA512
  
  90bca8cb40c1a4a395c98b71199a245cdf5335f34f7d38b37828d6933d759f6bec10de5c368ee089a40bc4dd5a3ea725123f19405b13f782aa6114d9dfc6886d
- SSDEEP
  
  24576:bL3KSefuVUpBGimCPW/+guAAMEKZaqzbMv8qecADDKMAxidz5igX:bL3KZfMoB3mD/0AmqvMkPc8KBWNV
Score

10^/10

asyncrat noviembre12 discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratnoviembre12discoverypersistencerat

behavioral2