General

  • Target

    5a3cdf3ff72ae454d4dff7bb0b299512.exe

  • Size

    89KB

  • Sample

    201228-p5w5c4jaw6

  • MD5

    5a3cdf3ff72ae454d4dff7bb0b299512

  • SHA1

    958a2619aaf9a3b17fd1c4f50d4e243a8e7566f7

  • SHA256

    c815a575d5dd8761cd6cbdde303eee7c80fb73d86487e5e519deb9792fd07978

  • SHA512

    894b61966b3705563c30b7fea128eb201e6ccaf7d65b4a09d73f5f0ca221a3c962991fd38bd99b3befe10b3f6d16e95f087d881380c6720b3b0f6fe084c3b2ac

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:222

127.0.0.1:1604

ipmdegismismalcry.duckdns.org:6606

ipmdegismismalcry.duckdns.org:7707

ipmdegismismalcry.duckdns.org:222

ipmdegismismalcry.duckdns.org:1604

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    Ck5Uro7Pu63wdC9T7uMSDglxtHHGLBUB

  • anti_detection

    false

  • autorun

    true

  • bdos

    false

  • delay

    22.12

  • host

    127.0.0.1,ipmdegismismalcry.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,222,1604

  • version

    0.5.7B

aes.plain

Targets

    • Target

      5a3cdf3ff72ae454d4dff7bb0b299512.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053)

  • Persistence

    Scheduled Task (T1053)

  • Privilege Escalation

    Scheduled Task (T1053)
