asyncrat | a882ef861459694139040550cc826dda328e30e6a01fc4775e6934e862e8ed39 | Triage

Sharing

General

Target

DOCUMENTOSPROCESOLEGALANTEJUZGADOMUNICIPAL893872429.rar
Size

1.1MB
Sample

241126-t8m4kszkbt
MD5

8c0fd82b616bc6f85e99ec36db94b2de
SHA1

21247f6635621c57e98f3781b5012daf5ba732e6
SHA256

a882ef861459694139040550cc826dda328e30e6a01fc4775e6934e862e8ed39
SHA512

659ac7a6119415630fce246e41456682bff473fc9eb70963cffe978a21c52c62d0e337ee5de11601e10dc2eb9fb963832e1110c284bca55653bbe7c741cf7e00
SSDEEP

24576:aRT0oN4IGlkLC6agOcDlI4OpB/rkWsfE+h1s:al0o+laPagOcBmpB/YWC1s

Score

10^/10

asyncrat logan discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

LOGAN

C2

logann.duckdns.org:6606

Mutex

uuooxuxbnkywum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DOCUMENTOS, PROCESO LEGAL ANTE JUZGADO MUNICIPAL 2938724639571290861428214935230984329.exe
- Size
  
  1.4MB
- MD5
  
  ef14f82a4981ca8453f7c3e5cdf89fe9
- SHA1
  
  adaf2e1d3fa7b14d1a8031972cba2498fe43af3e
- SHA256
  
  e9290645d565611e0bf0aeaf6c07dd719fb668b3a0f442e1245351b79f3f17c8
- SHA512
  
  037409e6b148963041aea16ba4f3f6f2b2550dbc99d80135073a2882e4fc642b99b012b9d7db6ecc2bd09427918ca13e89e9706abd8ada6c93002f8f450dc99f
- SSDEEP
  
  24576:SC0YSsCCuOA5saQsqr8p1I44Wc4rnIl0cURZojzl/r6pDxTvqgBS+nVA:gOAWjbryqTfGI1UEnlj6pD13xVA
Score

10^/10

asyncrat logan discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratlogandiscoveryrat

behavioral2

asyncratlogandiscoveryrat