Overview

overview

10

Static

static

PO-MKF-19808..pdf.scr

windows7_x64

10

PO-MKF-19808..pdf.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO-MKF-19808..pdf.scr

  • Size

    181KB

  • Sample

    201109-n24zhd11ys

  • MD5

    8eda382c9b3ad817590b453d2e87c930

  • SHA1

    be453e291adb32e184e2303b8c6dade72cf955d7

  • SHA256

    3c9353b085fb97b6128f83a53c45ddd8efcaf9a62cbe824337bc97e7f01b69d2

  • SHA512

    90b36c1aac210ea97c9f9aee20903c833a0e89b2bf3fafc373e9640cc382267b1b4f3bf3b82962b8e2dcd963cef2eb58d3cbcfea60a4997dc87e2c0870ceaf83

Score
10/10
asyncratratrezer0

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

C2

null:null

Mutex

chizzy25@!7^

Attributes
  • aes_key

    55iYcxq7ddicCQWRfaDGH9kCLoouenVW

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    MAY

  • host

    null

  • hwid

    1

  • install_file

  • install_folder

    %AppData%

  • mutex

    chizzy25@!7^

  • pastebin_config

    https://pastebin.com/raw/HKYwiN9V

  • port

    null

  • version

    0.5.7A

aes.plain

Targets

    • Target

      PO-MKF-19808..pdf.scr

    • Size

      181KB

    • MD5

      8eda382c9b3ad817590b453d2e87c930

    • SHA1

      be453e291adb32e184e2303b8c6dade72cf955d7

    • SHA256

      3c9353b085fb97b6128f83a53c45ddd8efcaf9a62cbe824337bc97e7f01b69d2

    • SHA512

      90b36c1aac210ea97c9f9aee20903c833a0e89b2bf3fafc373e9640cc382267b1b4f3bf3b82962b8e2dcd963cef2eb58d3cbcfea60a4997dc87e2c0870ceaf83

    Score
    10/10
    asyncratratrezer0

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks