asyncrat | 718a7b49deeaecfbf9d66584366dfeeec6beb570eeff50aae0149d33654ba73d | Triage

Sharing

General

Target

takitak.7z
Size

460KB
Sample

241205-k4szlaxpbt
MD5

8b4990246b4a514cbe8f53c8464e21c8
SHA1

ba3d3b79de89ebf38439d9ebc19d82ffdd2f4486
SHA256

718a7b49deeaecfbf9d66584366dfeeec6beb570eeff50aae0149d33654ba73d
SHA512

46564e54d3b25764e6657bfbe775a0e72bd8cc89ce70ae05dcf91bd71c98cc88883eb7d6dde6ab40e1fe0044a8b86fd338bcdeebf0b7dd6d163ed0aff023e41f
SSDEEP

6144:MPXnbWWScQkWTgZwtY4kgUgyEf9h+jfCp7jX2GyZygxyJbmKDWKgH9bhx6qp:MbMqWTgZwtYPCytSX2FNxR07gHrp

Score

10^/10

asyncrat dic03 discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

DIC03

C2

fgtryuioiewq.duckdns.org:8010

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Admisorio N° 3791594003-2024.exe
- Size
  
  1.4MB
- MD5
  
  cd816b257768edfcc207c46560dc848d
- SHA1
  
  fbf28fbf3371f8ba318d2ace74249bd399a1517a
- SHA256
  
  3ea300295c8dea1b8fc3cae09ae34ce41b82f4968487c626765bddc62a2bcc3a
- SHA512
  
  7f4d283c7916535d5bfd27e0ec71093625562053ffae5edbae84a8c67f5b8c134a17385f8ddd6ccf3d25466d76fd6bbf94669b6ee1692df9c52f5ef8bcff8631
- SSDEEP
  
  24576:8F1LXN0h9W02JhZIdcZrH8r/cw/H5sa1viJL:A1xS9R0Z4iW2
Score

10^/10

asyncrat dic03 discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdic03discoveryrat

behavioral2

asyncratdic03discoveryrat