asyncrat | d4f4d3196d92b306f65ba4f1f90ec73403803530a58196b48db38210e3e3047d | Triage

Sharing

General

Target

d4f4d3196d92b306f65ba4f1f90ec73403803530a58196b48db38210e3e3047d.ps1
Size

249KB
Sample

241126-dyv4faylgm
MD5

33b6c435bdbbec12ae8cba21eb6d105f
SHA1

41d43dc4ec1187e6120f26158e074e39475b0815
SHA256

d4f4d3196d92b306f65ba4f1f90ec73403803530a58196b48db38210e3e3047d
SHA512

8b11308f7e16dc54e1559591d2d741f0a53d0a90c7ddb33bc817d15edcdc46dc4ebedd121925da4c791d7bb8b0a6a74334f63253f6fc3af453765f62826e4a4f
SSDEEP

1536:NYzrwIovquFT/TO5HiSujupnwIE6YcG47rwnv1IJ5YH1llykZXvyd2b5uDSPVZrB:b

Score

10^/10

asyncrat ducksex discovery execution rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY DEXTER-LY

Botnet

ducksex

C2

ducksex.ddnsfree.com:6161

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  d4f4d3196d92b306f65ba4f1f90ec73403803530a58196b48db38210e3e3047d.ps1
- Size
  
  249KB
- MD5
  
  33b6c435bdbbec12ae8cba21eb6d105f
- SHA1
  
  41d43dc4ec1187e6120f26158e074e39475b0815
- SHA256
  
  d4f4d3196d92b306f65ba4f1f90ec73403803530a58196b48db38210e3e3047d
- SHA512
  
  8b11308f7e16dc54e1559591d2d741f0a53d0a90c7ddb33bc817d15edcdc46dc4ebedd121925da4c791d7bb8b0a6a74334f63253f6fc3af453765f62826e4a4f
- SSDEEP
  
  1536:NYzrwIovquFT/TO5HiSujupnwIE6YcG47rwnv1IJ5YH1llykZXvyd2b5uDSPVZrB:b
Score

10^/10

execution asyncrat ducksex discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratducksexdiscoveryexecutionrat