asyncrat | e7760d96bfe47be2b364e2b94e9fcc378fce87499ec37d4545a1b39cbcdfa976 | Triage

Sharing

General

Target

6470a956f0b83c06939cab659481bf15.rar
Size

1.0MB
Sample

241127-xelkfavpgy
MD5

6470a956f0b83c06939cab659481bf15
SHA1

f120f5b22768f960a8453e8d8d4fb5be4849ebb8
SHA256

e7760d96bfe47be2b364e2b94e9fcc378fce87499ec37d4545a1b39cbcdfa976
SHA512

329e340a5e4960b6897b553992ee20b353c33c06a97d88c75babbc708eefc7d873d5a1c7d6668cc0f6391ddc6e3d555de6ef691160f5ac40688a8b220187f847
SSDEEP

24576:xy/U9RDc6jCb6ywmCZnXL+H43pBMFA6TyH2ir:4GRDNwwv5eFNT4

Score

10^/10

asyncrat logan discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

LOGAN

C2

logann.duckdns.org:6606

Mutex

uuooxuxbnkywum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  ANEXOS Y DOCUMENTOS, RADICADO PARA PROCESO LEGAL 99787215873.exe
- Size
  
  1.2MB
- MD5
  
  e1be6fc6309190f5ac4ae17996ca65fb
- SHA1
  
  4aa23fc35aa6dd3c46e0d1e32ee18b61f3116195
- SHA256
  
  fe2f973bb50568c274625869fb318f8660e0e17af10953039a05999274a21ce4
- SHA512
  
  28c7863d4ec4462e4d222b9258d942a949791e8e2134295de403480c06cb71cb32aea42c20f77482a803be1d0f6ab5a1c96fcbff0042a4d6c66b927c89a97e67
- SSDEEP
  
  24576:VAcwhK7VEyb6WnnRdDH7Q38kPUs2gnPyLCKFdI:VAckK7V3nR8PfPzcW
Score

10^/10

asyncrat logan discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratlogandiscoveryrat

behavioral2

asyncratlogandiscoveryrat