asyncrat | 5cdb7749ab92f641e1e1c77bb1c98f13035d85390e1b8f7a051f5d766a98eb38 | Triage

Sharing

General

Target

6f3b04da273d72c688a928b0b2c057eb.tar
Size

410KB
Sample

241203-2pxsnsyjex
MD5

6f3b04da273d72c688a928b0b2c057eb
SHA1

e411675b03461caca1d79379133c39d341252540
SHA256

5cdb7749ab92f641e1e1c77bb1c98f13035d85390e1b8f7a051f5d766a98eb38
SHA512

78abcff0e64f90327e75c73aed072faf106def9d5a7841c99f1dd11bbde2b089f6e02ee18843b488ab2e3caac427d9be128c1cf38a42fe0f443dc70dc35d89fc
SSDEEP

12288:fl0PUdKHGhE3pu+toKZPTRNo+Bc8rqTfwicTsQmZA:fndKHt0QTXo/QqUlx

Score

10^/10

asyncrat zcoopor-llega discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

ZCOOPOR-LLEGA

C2

8529pt.4cloud.click:8529

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  OKL_4928472847824..exe
- Size
  
  945KB
- MD5
  
  9b54e790a4bf5db73e90b08c94eb542a
- SHA1
  
  f60455f1338a85bbdc365e4714c184f75e8d383a
- SHA256
  
  716c50de230f15003dcac3de58c98751e012d8e39f42423b1de4d69e8fd847ad
- SHA512
  
  abe695847b0ef7eb050c01772088174375b62d4f32ae2da08bee840832b07827607da99caa43e0b1b78ecbb9c542a84815550f6bfc7fbd4faa0f6d36348e98c7
- SSDEEP
  
  24576:xj9dtZrhWZvkWoIhOwZIFTuLJiU5S52nseptJjTRvmkxzMO:p9xWvkWoKNGTuLJiU5S52ssLjYkKO
Score

10^/10

asyncrat zcoopor-llega discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratzcoopor-llegadiscoveryrat

behavioral2

asyncratzcoopor-llegadiscoveryrat