asyncrat | b94523ed66e252753367f93258e0139a2e013d117bdd2d2bc9cb2375f3d78d88 | Triage

Sharing

General

Target

ee8e9ef52f962c8a571678e10c002cc6.rar
Size

1.0MB
Sample

241213-qmr9mazkft
MD5

ee8e9ef52f962c8a571678e10c002cc6
SHA1

fab83004c355de4174e4117fbbda03ab685a9514
SHA256

b94523ed66e252753367f93258e0139a2e013d117bdd2d2bc9cb2375f3d78d88
SHA512

c91b8625b984ce636d6b9a03e33d124b3337227d87d9e4d50b407d86dadcb0a9bbdc76918a7cd59b17897aa41723d54162a2fd5614f31bd1e00e462994576c09
SSDEEP

24576:/x9TrYLuUrA+FHH7C7a5Tkz1D7RoEqcdt5QvFGbkg6OIx:HkCuGjBDmEldtAFGbs/x

Score

10^/10

asyncrat serverrenver discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

SERVERRENVER

C2

renver.duckdns.org:6606

Mutex

uuooxuxbnkywum

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  DOCUMENTOS PARA COBRO JURIDICO RADICADO ANTE JUZGADO 975128101.exe
- Size
  
  1.2MB
- MD5
  
  9ac1ccb87569fa16ce4f57fd60523bb3
- SHA1
  
  3f941382a909b6d6669d4d43235692fd6da0668e
- SHA256
  
  d6d989a3805793f76689f4da4589a888feb464ddeb0e98406e237eab5086364e
- SHA512
  
  51a1621f6de2dabb3ab02c0adb75cad49a1f7334a211ff4ec1c523ce0f2f65cbe2dc9fa4a64691c9fa6a15c31e9de7535ea52f63562494c5d29e1a585b0acac5
- SSDEEP
  
  24576:RABqplgmH5Bh7+e3SNrndpNbkt3W153nPTpaenXIlt8BO+:/5Bh7MXNbktaYuXIoM+
Score

10^/10

discovery asyncrat serverrenver rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratserverrenverdiscoveryrat