asyncrat

General

Target

bac9ca34e4ee09e14dcd89870f933a8e.7z
Size

997KB
Sample

241119-xg8sravnbk
MD5

bac9ca34e4ee09e14dcd89870f933a8e
SHA1

c73829295b7bf2f10867575a86114a80a1924b2b
SHA256

bc0c79ef32bdd9bc48f70b700a69fc8453678211cdda9564cdd8c9124e5cd8fc
SHA512

203c2fda63f0419aadba649b134b1899ccaac565956b72daeed1f0ebc49a5b86b82e0ec6fb0263a6916e3938ad7aed212b7135bde0c55eca3a280b4e3dac8411
SSDEEP

24576:WBaXGMVCaFyvQMEtd+bQuPa++PBwMTF6TSWcuP/ZMsc:1lCagUtdkPa+UF6TLcuP/c

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

SERVER

C2

asyys.duckdns.org:52350

Mutex

AsyncMutex_6SI6TOGjnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  PROCESO_JUDICIAL_POR _DEMANDA_LABORAL_RDO 40032021-00235/1 DEMANDA.exe
- Size
  
  1.6MB
- MD5
  
  8f0717916432e1e4f3313c8ebde55210
- SHA1
  
  41456cd9c3b66cfb22f9bbeefb6750cce516bf3a
- SHA256
  
  8dc4d5deef19fb4da195c270819a6ee283b67408fc9ee187216a0ce80ee61bab
- SHA512
  
  d1c4696541ec1d8d44e820902828bfbbd16afbb9c4a251080fc62262fbf879b268ed0fff80ea84aacdc58f424c516a979bb8fa82f0dfe920d71cad92f17bcfee
- SSDEEP
  
  12288:N2EDigMo6E50Hmy00qEEmxnA7ECCXuiAK6xXHDJBIMQV2:bFaky0wEmxAQCCXuiA3XH8N2
Score

10^/10

asyncrat server discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  PROCESO_JUDICIAL_POR _DEMANDA_LABORAL_RDO 40032021-00235/MpGear.dll
- Size
  
  592KB
- MD5
  
  993a17d402205ca1aff46d60c024683a
- SHA1
  
  f9c3bb6d519f4786c5eedb59cb4d343266d7f741
- SHA256
  
  a20fc336f4571ce29ce8bf095611077e96574e17ae5fc67edab2e9a316141aaa
- SHA512
  
  31a0b5925531f452b7b59fbd1cfae4ec47d209f7a6984c0ff90048d1d152cb420b5f75001202bf6e0d19a420310e08841ef4cb7ec17ddb1a98dc23a2fbcada1a
- SSDEEP
  
  12288:4H7cIKeIaZ+dwGbzSifdhndE7sjXj8cJb+DYtQP:i7cAIaIxzSwDdfjXjBp8Y
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2