asyncrat | c1e409d2db9e1838672858b0844dc5cd6d54cc5a0f532fdff23163ee74532096 | Triage

Sharing

General

Target

87ea8e6b349568d306c97efbb511b8fb.rar
Size

1.1MB
Sample

250115-vx4smayrb1
MD5

87ea8e6b349568d306c97efbb511b8fb
SHA1

adeac153aa08a3a4be52fa21559b64355c9fbc42
SHA256

c1e409d2db9e1838672858b0844dc5cd6d54cc5a0f532fdff23163ee74532096
SHA512

f5c343fb67628d0fab23504e7362105ba9d9828a32abbfb649e16e7752d64165e918682b482ab3d5581c0face24f70bf715dd442c65b5f7331168d4671608d7e
SSDEEP

24576:P6sQsEQI7ed7N32tO1r4lXgiIb3gJuojyAiHp7V1GmLe0CW8:esEQIO74Yr4lX76ggouAiHpRVe7

Score

10^/10

asyncrat discovery rat

Malware Config

Targets

- Target
  
  VER PROCESO ORDINARIO LABORAL VINCULADO CON RADICADO 20019-70-32971-2025-00115-00.exe
- Size
  
  1.2MB
- MD5
  
  d4650c7f2f955b87f7e302bc1ff5f915
- SHA1
  
  af2ac3a4aeb384b125b4cb3b2a91c90885289d77
- SHA256
  
  4656baa84cbdc5ef1a8403c5eeeb04053fed70e850ac526bcdb41b4ee57c2665
- SHA512
  
  b9873e334463eab6022a55823032c64b848bd029591ac891b30763e1bb9c7c2a69fe5c87492f3f32ae7ca8fcfe128e7e3fc24ff67b0ba9917a9bed9c1d60d8b0
- SSDEEP
  
  24576:cq29sJfyesnhtH6QQBzet11bP6YfbRd5SpH6gJa+lhB/LC+S7l39:cqkMOnXaQRn6SpiH6gvFS7l39
Score

10^/10

discovery asyncrat rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdiscoveryrat