Overview

overview

10

Static

static

ea5586fa7f...8f.exe

windows7_x64

10

ea5586fa7f...8f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea5586fa7f0d505c2da6195577c26b8f.exe

  • Size

    135KB

  • Sample

    201228-c1kl3xjkfs

  • MD5

    ea5586fa7f0d505c2da6195577c26b8f

  • SHA1

    8fbef0041f4855c0a2890f9f4e6c2f39ede4ceb9

  • SHA256

    9dbc950fe84c308140479800c7195bff71275592abc5542808de4e18dbffae7f

  • SHA512

    6a33b0d1e18099e06d5757d30ebe70511c261ac92387a5ac1eaae369025e64415343cf9e99d30724440ed4c3dfa40dde88eba2bb3693d3879c45e4e1e7cbbcc7

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:222

127.0.0.1:1604

ipmdegismismalcry.duckdns.org:6606

ipmdegismismalcry.duckdns.org:7707

ipmdegismismalcry.duckdns.org:222

ipmdegismismalcry.duckdns.org:1604
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    Ck5Uro7Pu63wdC9T7uMSDglxtHHGLBUB

  • anti_detection

    false

  • autorun

    true

  • bdos

    false

  • delay

    22.12

  • host

    127.0.0.1,ipmdegismismalcry.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,222,1604

  • version

    0.5.7B

aes.plain

Targets

    • Target

      ea5586fa7f0d505c2da6195577c26b8f.exe

    • Size

      135KB

    • MD5

      ea5586fa7f0d505c2da6195577c26b8f

    • SHA1

      8fbef0041f4855c0a2890f9f4e6c2f39ede4ceb9

    • SHA256

      9dbc950fe84c308140479800c7195bff71275592abc5542808de4e18dbffae7f

    • SHA512

      6a33b0d1e18099e06d5757d30ebe70511c261ac92387a5ac1eaae369025e64415343cf9e99d30724440ed4c3dfa40dde88eba2bb3693d3879c45e4e1e7cbbcc7

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks