asyncrat

General

Target

43d2fe2d5efd8d4bfee609352452e242.crdownload
Size

2.0MB
Sample

241122-1mlf7awmap
MD5

43d2fe2d5efd8d4bfee609352452e242
SHA1

4eec765b7151b5504c3bc8f94e1ede72564db3d7
SHA256

122b5d47c2f38e06db97601bf2e2e8471f41dbeaacf4be579768760c243cd87c
SHA512

a1b7ddc0fa4ffaa6cfe1b2d0d6be6cd4f3369f508afae9f267034f8d697ef55098fb5295d72af188fe15d0bd3a784fdd88f407fed816fd3d2353bb88dc02f187
SSDEEP

49152:Z1Z9EKQeHVkV/JE4Padyw7uQ9oHP0T8K5G/W4NPI4ok5LdWypxXsBOSVB:Zv6KkVRE4idyw7Q8wWGxVIhk5jLsf/

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

nuevo12.duckdns.org:3000

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2024-96630-ACTA DE CITACION JUDICIAL CON RADICADO-2024-96630-66322036-99652/ACTA DE CITACION JUDICIAL .exe
- Size
  
  966KB
- MD5
  
  e634616d3b445fc1cd55ee79cf5326ea
- SHA1
  
  ca27a368d87bc776884322ca996f3b24e20645f4
- SHA256
  
  1fcd04fe1a3d519c7d585216b414cd947d16997d77d81a2892821f588c630937
- SHA512
  
  7d491c0a97ce60e22238a1a3530f45fbb3c82377b400d7986db09eccad05c9c22fb5daa2b4781882f870ab088326e5f6156613124caa67b54601cbad8f66aa90
- SSDEEP
  
  24576:we3xAibB85Z1HrWtB8z1L1OTJu5zzz3zzzozzz3zzzSZ:HxAibBEZ1LWtBzQrZ
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  2024-96630-ACTA DE CITACION JUDICIAL CON RADICADO-2024-96630-66322036-99652/libvlc.dll
- Size
  
  186KB
- MD5
  
  4b262612db64f26ea1168ca569811110
- SHA1
  
  8e59964d1302a3109513cd4fd22c1f313e79654c
- SHA256
  
  a9340c99206f3388153d85df4ca94d33b28c60879406cc10ff1fd10eae16523f
- SHA512
  
  9902e64eb1e5ed4c67f4b7e523b41bde4535148c6be20db5f386a1da74533ca575383f1b3154f5985e379df9e1e164b6bda25a66504edcfaa57d40b04fc658c7
- SSDEEP
  
  3072:f3jr3xal+e5Wz5+xCwcNohCMYMUyNUjqsbJLyLM5xjxN:f3jFe5WYYwRj4yNMqSLyLS
Score

1^/10
behavioral3 behavioral4
- Target
  
  2024-96630-ACTA DE CITACION JUDICIAL CON RADICADO-2024-96630-66322036-99652/libvlccore.dll
- Size
  
  2.7MB
- MD5
  
  97a73457e3ee2b11618c3e57e3989ffa
- SHA1
  
  d38cbe532661b6ff271d231594cad4b8fb37f158
- SHA256
  
  d03d0853e0104b47b595d64f79e7ee3d3821fe4cd962f6bd80e9df1507f8f2f4
- SHA512
  
  ab786207ef73fd637d9318fcf7a1969158e335d344dcf620888fa8f645715f0bfc098fda12e84fa67406dd80e2b63a1928bee2f13e8e7a9a8c327fa1c94dfe2d
- SSDEEP
  
  49152:PA9qEelmNGJRcsADSzpXtBOyABAUZLY6sEZGaXBuQQ9eyn:6q8fmABAUZL3a
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6