asyncrat | de7605348e00fa74f915deddaaeb39e85e37d65758e3ab7b3e16b1c4d8934d74 | Triage

Sharing

General

Target

RCG_48293729372.tar
Size

410KB
Sample

241203-1zejeaskhr
MD5

7ddf39aab483493ce577416732d4bc5b
SHA1

f900811f8d631f85f981eff4d9c976d83d6a296b
SHA256

de7605348e00fa74f915deddaaeb39e85e37d65758e3ab7b3e16b1c4d8934d74
SHA512

976e5691714f2dda72301eaf0897c52a1ec1d06d3af2a5039b3d685f75625aff74c640f9c06d523d5413e1607cbeeeee85c570ec40439624a20826350590d2e8
SSDEEP

6144:F0i/EsJ9XhQI6g5dMa/79m6Oc/hRN0uYDS+G5i8TXQkk0gsHHysDXMpJHxfFz1g/:FrpLhzjY8B4kF+G538kZFSsD8bH3+2A

Score

10^/10

asyncrat zcoopor-llega discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

ZCOOPOR-LLEGA

C2

8529pt.4cloud.click:8529

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  RCG_48293729372.tar
- Size
  
  410KB
- MD5
  
  7ddf39aab483493ce577416732d4bc5b
- SHA1
  
  f900811f8d631f85f981eff4d9c976d83d6a296b
- SHA256
  
  de7605348e00fa74f915deddaaeb39e85e37d65758e3ab7b3e16b1c4d8934d74
- SHA512
  
  976e5691714f2dda72301eaf0897c52a1ec1d06d3af2a5039b3d685f75625aff74c640f9c06d523d5413e1607cbeeeee85c570ec40439624a20826350590d2e8
- SSDEEP
  
  6144:F0i/EsJ9XhQI6g5dMa/79m6Oc/hRN0uYDS+G5i8TXQkk0gsHHysDXMpJHxfFz1g/:FrpLhzjY8B4kF+G538kZFSsD8bH3+2A
Score

10^/10

asyncrat zcoopor-llega discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratzcoopor-llegadiscoveryrat

behavioral2

asyncratzcoopor-llegadiscoveryrat