asyncrat

General

Target

2cdfbaeb99da97fe3ed7bc8370f3af2a9c1a27e2812119a666f457264f6ca801.exe
Size

1004KB
Sample

241218-crhdbszman
MD5

f8b8beccdf66e3ef9ca54ac632ceb47b
SHA1

24a275521156c3d36a452a09b69b7fc9a1981f7e
SHA256

2cdfbaeb99da97fe3ed7bc8370f3af2a9c1a27e2812119a666f457264f6ca801
SHA512

59ebd8f4e418b1b30a069d9721a7bb72684b3675ca2422ab179abf266cfe3701643b60b2093407224c11f311f667076b41898a3d018831ea55bd59781ef6e4c1
SSDEEP

24576:qu6J33O0c+JY5UZ+XC0kGso6Fax8PEgNVWY:cu0c++OCvkGs9FaxpXY

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

oshaduck123.duckdns.org:6606

oshaduck123.duckdns.org:7707

oshaduck123.duckdns.org:8808

Mutex

ZWwiD1mukwdK

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  2cdfbaeb99da97fe3ed7bc8370f3af2a9c1a27e2812119a666f457264f6ca801.exe
- Size
  
  1004KB
- MD5
  
  f8b8beccdf66e3ef9ca54ac632ceb47b
- SHA1
  
  24a275521156c3d36a452a09b69b7fc9a1981f7e
- SHA256
  
  2cdfbaeb99da97fe3ed7bc8370f3af2a9c1a27e2812119a666f457264f6ca801
- SHA512
  
  59ebd8f4e418b1b30a069d9721a7bb72684b3675ca2422ab179abf266cfe3701643b60b2093407224c11f311f667076b41898a3d018831ea55bd59781ef6e4c1
- SSDEEP
  
  24576:qu6J33O0c+JY5UZ+XC0kGso6Fax8PEgNVWY:cu0c++OCvkGs9FaxpXY
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Asyncrat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2