asyncrat | 33af568982557c9fdb0f6ba02be6bfcca82344581f06c4cc8a0f5bf7621ee9e1 | Triage

Sharing

General

Target

VISUALIZAR PROCESO CON RADICADO 20015-50-30571-2024-01212-00; MOTIVO COBRO JURIDICO; 901379498; RAPIDO DIGITAL LMS SOLUCIONES GRÁFICAS S.A.S.rar
Size

1013KB
Sample

241212-s4eqza1kal
MD5

91e5e7008ba04d257d28aae64f1cf619
SHA1

e7b0610c8beac6e789b313754a8b700a564a8d21
SHA256

33af568982557c9fdb0f6ba02be6bfcca82344581f06c4cc8a0f5bf7621ee9e1
SHA512

acbb1f02b4322d2d2898f1b2eec6d80d0f48b7d85c233cc740eeb568034c642b63ee95592d1eaf85afd182037eccd1b5b396a4d2877687f2e09801d54d6056c7
SSDEEP

24576:YNAf1rQ3zrPRb22qDarECj01ofgqGQZiyW4I5:oEszr42fIC2YFG

Score

10^/10

asyncrat discovery rat

Malware Config

Targets

- Target
  
  VISUALIZAR PROCESO CON RADICADO 20015-50-30571-2024-01212-00; MOTIVO COBRO JURIDICO; 901379498; RAPIDO DIGITAL LMS SOLUCIONES GRÁFICAS S.A.S.rar
- Size
  
  1013KB
- MD5
  
  91e5e7008ba04d257d28aae64f1cf619
- SHA1
  
  e7b0610c8beac6e789b313754a8b700a564a8d21
- SHA256
  
  33af568982557c9fdb0f6ba02be6bfcca82344581f06c4cc8a0f5bf7621ee9e1
- SHA512
  
  acbb1f02b4322d2d2898f1b2eec6d80d0f48b7d85c233cc740eeb568034c642b63ee95592d1eaf85afd182037eccd1b5b396a4d2877687f2e09801d54d6056c7
- SSDEEP
  
  24576:YNAf1rQ3zrPRb22qDarECj01ofgqGQZiyW4I5:oEszr42fIC2YFG
Score

1^/10
behavioral1 behavioral2
- Target
  
  VISUALIZAR PROCESO CON RADICADO 20015-50-30571-2024-01212-00; MOTIVO COBRO JURIDICO; 901379498; RAPIDO DIGITAL LMS SOLUCIONES GRÁFICAS S.A.S..exe
- Size
  
  1.1MB
- MD5
  
  9bb9d056b430ff1c641cab61fb26997d
- SHA1
  
  352fff3522797c70db432d05c5d6f070ede1714a
- SHA256
  
  b85cd3bc11b817252b19e13294b4b71c98bca3012fcc72201dc9e2d2ccbce0ea
- SHA512
  
  62bc7494cc1a605d039cbb5b2b796256f5c049ab6d34acb6de922ec1ff6806715bde8953119da9c0370f3c7d87462bed809c11a75e8c8e314c6b847ae8eb21f4
- SSDEEP
  
  24576:6wTKpxzdDajv7GRzyLskDtvVoBNSoGynXPkYY2D:6/pqDGhyXDtNoBNSWPk2D
Score

10^/10

discovery asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

asyncratdiscoveryrat