asyncrat | 7a5274dda9bf19c24d5eb6d00daf537889cd1b46d304de8accda25f17b224516 | Triage

Sharing

General

Target

5c1202c09bcdddfd51e8f60facada69f.bin
Size

833KB
Sample

241114-bl13taseqp
MD5

3689054166185b5e294e558b623508bf
SHA1

5e319eb0b7116272054bf32083552f80e27af6b7
SHA256

7a5274dda9bf19c24d5eb6d00daf537889cd1b46d304de8accda25f17b224516
SHA512

3bbbec90774c8b766b36a77de53d9ac2894e627b98946fd49945d37434a2c93c74921e494d1460e86ce16510e04d7e568b4d17a87755c2f87fc155585864c3f3
SSDEEP

12288:M6yUxVYUJYLLdRT6QXpxeOydyhF+PSQPbHnZom5e5FhUGrPteogELfs02kRD5Fl:Mzydm7T6Q6uWSQPbHnZ789TtjLj2kRzl

Score

10^/10

asyncrat fendi discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

FENDI

C2

octubre212024.giize.com:2727

fuertefuerte.accesscam.org:2727

octubre242024.casacam.net:2727

castanojulian1111.chickenkiller.com:2727

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb.exe
- Size
  
  1.7MB
- MD5
  
  5c1202c09bcdddfd51e8f60facada69f
- SHA1
  
  202a050ba01b38da95a438f8c2697b3710784d6f
- SHA256
  
  94f1e96cc1e807c9a9e85d38b18fc77f3ff899fffd330ca277a864f8411ca4bb
- SHA512
  
  3b7a39f7ff6c70da867783f8a4a115301662aba40662fe014c59d98345557efd669a6f176ce0175177441d803a8c078e2d69703e0084a4986528fb6cae3513c5
- SSDEEP
  
  24576:kKgB0OYGBDUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFtVTTx9dCqZCf82f3iBLLzZ7y:bgB0BytRFk6ekxRbCqH2aBLFr/O
Score

10^/10

asyncrat fendi discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratfendidiscoverypersistencerat

behavioral2

asyncratfendidiscoverypersistencerat