asyncrat | cbe1ea9fba1b3853ef0b1fcf6709da743ad1aef6f462a6636cc5691e219e36e8 | Triage

Sharing

General

Target

6e8ba787b170e324a5b096c27afd69a3.bin
Size

1.4MB
Sample

241114-bqklmaseme
MD5

99b274208fb0365330fad0d10122496c
SHA1

ae301ce99c280a9be8215fb6ac6ebea34524e1ed
SHA256

cbe1ea9fba1b3853ef0b1fcf6709da743ad1aef6f462a6636cc5691e219e36e8
SHA512

30b717bc2ea16ff6a3ca3c4f5d39815a0700d406813e068d7b079978a53563989f934c59d98c083da8fb273d24ac7face62bbeec40ef9e1bf4499e4c7b1a5d96
SSDEEP

24576:fbIBb5278qlCtrJMDUUicbIrytSmWRlMArNas27Ibx6JQdP+e89DSIUrrR3nfi:jyb5RwCpJ7wIryQJrN5+/JQ9+ecJurR6

Score

10^/10

asyncrat fuegooo discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

FUEGOOO

C2

octubre212024.giize.com:2525

fuertefuerte.accesscam.org:2525

octubre242024.casacam.net:2525

castanojulian1111.chickenkiller.com:2525

uego.con-ip.com:2525

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c.exe
- Size
  
  3.6MB
- MD5
  
  6e8ba787b170e324a5b096c27afd69a3
- SHA1
  
  9220ffdfba5cc4c8efda49ab03fd9e3dfa5104aa
- SHA256
  
  acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c
- SHA512
  
  99e80b34ad7eeb06121b14458d57aa9efcb245edd60e5f1d96134938ad929bf9a7de0911c4561451698a4d4fc07ac66e42635f5c41ea0afb61d357f0310d8f7c
- SSDEEP
  
  49152:iWGtLBcXqqR6SVb8kq4pgquLMMji4NYxtJpkxhGjI4TbG333geTIZw2r6TUV:OtLu0qgwh4NYxtJpkxhGQ333geTCFv
Score

10^/10

asyncrat fuegooo discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratfuegooodiscoverypersistencerat

behavioral2

asyncratfuegooodiscoverypersistencerat