asyncrat | a7f9ac876725c139652d4ae4c35e65694311b91c93a924faebd71b1bf3acaeeb | Triage

Sharing

General

Target

e825ca04ae11f19227fd8fecf6f6beab.rar
Size

1006KB
Sample

241212-w1nfgsvkgm
MD5

e825ca04ae11f19227fd8fecf6f6beab
SHA1

f654e9d1de9e0a06517346abd96847c791c3497f
SHA256

a7f9ac876725c139652d4ae4c35e65694311b91c93a924faebd71b1bf3acaeeb
SHA512

bcff896469873fe4af2f5d21dcb35a765c1c8d2e406806bae3428266d16681e2ecea962e087dc3c0193a988ebfaa7cf15feca5a7dee6cd4e965317f79389c033
SSDEEP

24576:4S//PmY7jDBCbP8t0wS/KSAnjGhxWassemNsjCIL+VblOSx:4SnOgjDcb0t0w8qjQsHGG+TPx

Score

10^/10

asyncrat serverrenver discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

SERVERRENVER

C2

renver.duckdns.org:6606

Mutex

uuooxuxbnkywum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DOCUMENTOS Y RADICADO POR PROCESO LEGAL VIGENTE JUZGADO SEXTO 90775886812.exe
- Size
  
  1.1MB
- MD5
  
  7a534379b0540746e129ebbb46b8e18b
- SHA1
  
  ed2060030b9bf62caf63204e5f759d6226193d05
- SHA256
  
  0d31c1307dcf3ae0fae134104a4877b0f5619b8f6e78e4b45ac6772aa3f123e1
- SHA512
  
  f3ab1ad4ce463bbb7e2385db8a50626e392b1595ea45f0f14b2769f3c2995fc0232ba59f641bbcdc925223bbf90794a765180d9b70c6d6f0fb59ca37c831585e
- SSDEEP
  
  24576:5iEZyZidvxi9amzBU5tq3E/CzeGpstLl0f7QZ:5AEdZi9o29zX+0TQZ
Score

10^/10

asyncrat serverrenver discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratserverrenverdiscoveryrat

behavioral2

asyncratserverrenverdiscoveryrat