asyncrat | b4c6596d0771b7327b61f11954a32b0638cecd535ce9be43ce01538f491212c9 | Triage

Sharing

General

Target

b4c6596d0771b7327b61f11954a32b0638cecd535ce9be43ce01538f491212c9
Size

2.0MB
Sample

241211-rgddyswjb1
MD5

1cdf2a762372824d3929991bf7202641
SHA1

acd4fb724ffae7c5d91274b896d603b675acd16b
SHA256

b4c6596d0771b7327b61f11954a32b0638cecd535ce9be43ce01538f491212c9
SHA512

8ae56f16cc52cb12c6bf392ddc54a1170db242ba729a84398734530f4f7bb72e401dcb18153e4427f766c169352cbe64c83a830e1c2662689c6604717a7e02e9
SSDEEP

12288:Rd5xfIau24NrisiwzRe2nxg0v0h4/6SjXP1BWy9sFRJOxh7OmM8zALgR/ryFUvhi:j48sVi6fzl9Nxh7OmM8EH2vgL

Score

10^/10

asyncrat dicembrinos09 discovery persistence rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Dicembrinos09

C2

inicioperiodo06.casacam.net:8854

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  b4c6596d0771b7327b61f11954a32b0638cecd535ce9be43ce01538f491212c9
- Size
  
  2.0MB
- MD5
  
  1cdf2a762372824d3929991bf7202641
- SHA1
  
  acd4fb724ffae7c5d91274b896d603b675acd16b
- SHA256
  
  b4c6596d0771b7327b61f11954a32b0638cecd535ce9be43ce01538f491212c9
- SHA512
  
  8ae56f16cc52cb12c6bf392ddc54a1170db242ba729a84398734530f4f7bb72e401dcb18153e4427f766c169352cbe64c83a830e1c2662689c6604717a7e02e9
- SSDEEP
  
  12288:Rd5xfIau24NrisiwzRe2nxg0v0h4/6SjXP1BWy9sFRJOxh7OmM8zALgR/ryFUvhi:j48sVi6fzl9Nxh7OmM8EH2vgL
Score

10^/10

asyncrat dicembrinos09 discovery persistence rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdicembrinos09discoverypersistencerat

behavioral2

asyncratdicembrinos09discoverypersistencerat