Overview

overview

10

Static

static

PCKAGEASYY...BD.exe

windows7_x64

10

PCKAGEASYY...BD.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PCKAGEASYYFl9JBTDn3xBGBD.exe

  • Size

    510KB

  • Sample

    201109-zztw6sfct6

  • MD5

    55dc1d94d29d1ad35a307a50f818717c

  • SHA1

    8ec7f39cd872de3d4a65caeb5e046f7fa6f2ecf6

  • SHA256

    0ed397f068e9ffac40486cc83ff5eeb06df0e2b504eb3e5bfdb2acc43c3c98f7

  • SHA512

    c7925fd01a59e819279b035df79979b21dfd0cef59658226f62aafe0b21a6ea4b80c957c3040366f31d3a2ea0db005879f5c7381a6e06fa1ae49b3d8050b9545

Score
10/10
asyncratratrezer0

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

C2

185.165.153.215:6606

Mutex

uqeolevmck

Attributes
  • aes_key

    5eoiILw5GAY7OkbkZoi8uQvz2qpV60Nt

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    sunday

  • host

    185.165.153.215

  • hwid

    1

  • install_file

  • install_folder

    %AppData%

  • mutex

    uqeolevmck

  • pastebin_config

    null

  • port

    6606

  • version

    0.5.6D

aes.plain

Targets

    • Target

      PCKAGEASYYFl9JBTDn3xBGBD.exe

    • Size

      510KB

    • MD5

      55dc1d94d29d1ad35a307a50f818717c

    • SHA1

      8ec7f39cd872de3d4a65caeb5e046f7fa6f2ecf6

    • SHA256

      0ed397f068e9ffac40486cc83ff5eeb06df0e2b504eb3e5bfdb2acc43c3c98f7

    • SHA512

      c7925fd01a59e819279b035df79979b21dfd0cef59658226f62aafe0b21a6ea4b80c957c3040366f31d3a2ea0db005879f5c7381a6e06fa1ae49b3d8050b9545

    Score
    10/10
    asyncratratrezer0

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks