asyncrat | c77882f467d466b5b619943dc1eeba33a4b966e1555e22fc212d93fb7238c128 | Triage

Sharing

General

Target

0ec08e63776de78d8f1719d83109338e.001
Size

579KB
Sample

241204-1argnsskev
MD5

0ec08e63776de78d8f1719d83109338e
SHA1

f8f3b4366464de4131d5dbd4c920547c1d24c93b
SHA256

c77882f467d466b5b619943dc1eeba33a4b966e1555e22fc212d93fb7238c128
SHA512

b211556f7b4d00c731e3cb19d2fb8092d8a898fb0c105d149506ccd67cd9de4490c7c9497d61525b7fd3cc9a8d065f6e4f21f607bd6dca5e9f73bebaf0ae034c
SSDEEP

12288:GOsNWJZAuurQjZYHVFYCtkVgPonMRWXH0JGBRUl2bXOBuB0VsFKUi:nnuTwZYHMmkVgwnMmH0sRUl2aBvS4Ui

Score

10^/10

asyncrat *** ave fenix ***discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

*** AVE FENIX ***

C2

holadic02.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  NOTIFICACION ELECTRONICA J AGRADECEMOS PRONTA CONFIRMACION DE RECIBIDO NUMERO DE RADICADO 0201494303 432943/00004Notificacion Electronica.exe
- Size
  
  1.9MB
- MD5
  
  16d2607288fb726450f200b7c935862e
- SHA1
  
  99ab6d9f3f8080965108bcf13d98dd215edc66be
- SHA256
  
  e758ad080b4fb8b693c2e60648871b2e01a5a3438a1e78707135ee921ed78b0a
- SHA512
  
  15e5cff16dbff19ada258d690db796616b3dfe6757cab626e79efe187521a5688f58cfb4aecb652960c6de71446b867872dd3498b9c4372063980275bc7618fb
- SSDEEP
  
  49152:l3SirYhIitmZrbQhrHqxZrbQhrHqIpV9m0t4c:l3mtmZrbQhrHqxZrbQhrHqm
Score

10^/10

asyncrat *** ave fenix ***discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncrat*** ave fenix ***discoverypersistencerat

behavioral2

asyncrat*** ave fenix ***discoverypersistencerat