asyncrat | fbb009dab5e1c924e3ee45f2bece42e0fc7c059d9d5a83f526bb7f9a0ae5a8e6 | Triage

Sharing

General

Target

c76159163023302b08641b8d271ab362.bin
Size

1.5MB
Sample

241114-b6sl6ssgjc
MD5

8830fd4508a3a85d12b8309e515e6784
SHA1

f29aea4b83d97e500609fa6669c757f1fa1319d8
SHA256

fbb009dab5e1c924e3ee45f2bece42e0fc7c059d9d5a83f526bb7f9a0ae5a8e6
SHA512

a26c502cdf08f4cf43a5f0bd7e8c261939341961dd08aad8fa526da18e2a4c3b6f14892bed8badf377dc698157bf887065ea58113e2f17523d42806d2285831d
SSDEEP

24576:BxZsCBKZYgxiHbxM8lzseU/YUeD25SMfgfOK5iBDXZBiUGA/nFwInfo2I7cnzMMu:zZ8YzHbxM8NseUGD9fOK5QTxGAvFBfon

Score

10^/10

asyncrat dinero discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

DINERO

C2

octubre212024.giize.com:2727

fuertefuerte.accesscam.org:2727

octubre242024.casacam.net:2727

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  5ab8a17246063f43e04f124c842427a9413d086796c1fd5e9d46917b308f5e74.exe
- Size
  
  3.6MB
- MD5
  
  c76159163023302b08641b8d271ab362
- SHA1
  
  c388606fb8394f7360da6cef38ec1526d2dc9ba1
- SHA256
  
  5ab8a17246063f43e04f124c842427a9413d086796c1fd5e9d46917b308f5e74
- SHA512
  
  53f2a3abd6337100f5fc8ed3da331c5cbb1b4478349c3b2dfc9547330770567bf7c5ced763e176c256cc16180032f816608d0a61d8e31db5ccf2f4f272aeaba2
- SSDEEP
  
  49152:jWGtLBcXqFpa88R6SVb8kq4pgquLMMji4NYxtJpkxhGjIuTbR3339YcZUQ3EANa2:dtLuZIqgwh4NYxtJpkxhGB333tRaEp
Score

10^/10

asyncrat dinero discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdinerodiscoverypersistencerat

behavioral2

asyncratdinerodiscoverypersistencerat