General

  • Target

    dcrat_heartcrypt.exe

  • Size

    3.8MB

  • Sample

    241217-rawxqa1kgw

  • MD5

    c011fd4c9d95dcf32b07d2a7b1087a9d

  • SHA1

    9ecceb46f27af09cbaccb726481a27353b3dd960

  • SHA256

    a74cc5cddbc77c63f202cc198442b0982c30a2e192b65f61fa9162278cb429b8

  • SHA512

    15e336537c3f1c781f1e4f859e8b30488fcf176746a3d65466ecfdd1d56ff450544c660f8ab402ac0b03e30afbbbad522bac38393113564e81b8051bbd14e4dc

  • SSDEEP

    98304:pyyMMwE+UlnIiV2GHJsqYGIhOLrppWsrBrA:prwPWIE2G2GXL1pr2

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

FELIZ

C2

octubre212024.giize.com:2727

fuertefuerte.accesscam.org:2727

octubre242024.casacam.net:2727

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      dcrat_heartcrypt.exe

    • AsyncRat

      AsyncRAT is written in C# and is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
