asyncrat | 55ec1346895f43da5a2af477e4cfdf8ff6783c3f20a55d9dffdf727fd4ab9a76 | Triage

Sharing

General

Target

3465-Proceso Judicial Rad. 23001461299320240019100 Procuraduria General.zip
Size

966KB
Sample

241127-th9vnazqf1
MD5

f382d83461a2fd5f5aa4e7d1313cdc44
SHA1

ecaa5d44a5951b9d562ae03fe276c40b1cd44167
SHA256

55ec1346895f43da5a2af477e4cfdf8ff6783c3f20a55d9dffdf727fd4ab9a76
SHA512

8e5537d04947397e288a98eef7a5afa11c22f65886d144e78ae9f89346d147f6f7cf687ec74c4a4233b5d6ab1499500c5b6d40d28cd7998a51062b918a76e865
SSDEEP

24576:fUjHfERDNiZoJtL47ZYQNTGDeQEU001DoR933QFHcth9:fqHaN2oJtchGDe5ULeL33m8r9

Score

10^/10

asyncrat gorra discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

GORRA

C2

94.103.125.231:2626

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  3465-Proceso Judicial Rad. 23001461299320240019100 Procuraduria General.zip
- Size
  
  966KB
- MD5
  
  f382d83461a2fd5f5aa4e7d1313cdc44
- SHA1
  
  ecaa5d44a5951b9d562ae03fe276c40b1cd44167
- SHA256
  
  55ec1346895f43da5a2af477e4cfdf8ff6783c3f20a55d9dffdf727fd4ab9a76
- SHA512
  
  8e5537d04947397e288a98eef7a5afa11c22f65886d144e78ae9f89346d147f6f7cf687ec74c4a4233b5d6ab1499500c5b6d40d28cd7998a51062b918a76e865
- SSDEEP
  
  24576:fUjHfERDNiZoJtL47ZYQNTGDeQEU001DoR933QFHcth9:fqHaN2oJtchGDe5ULeL33m8r9
Score

10^/10

asyncrat gorra discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratgorradiscoverypersistencerat