Overview

overview

10

Static

static

INVOICE_PAYMENT.exe

windows7_x64

10

INVOICE_PAYMENT.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVOICE_PAYMENT.exe

  • Size

    825KB

  • Sample

    210105-je1c7ra4bx

  • MD5

    d05c3e50c2fe19f0c73104fcdcc69b10

  • SHA1

    76d9509cfc31cc5dccf2dab9566a9145be2554bd

  • SHA256

    71279240d14f290a3b81f4a9a660c5cdb37d52c7c65c60f1fa035d5b05745537

  • SHA512

    7434d374919b6ad96cead1ae18d982bab0293be08dfd1eb6b37d5e1b3788424e14ccd0b0400fa1da5f8675453fdd2baadc7e5b560bf8a015ace75c59d6110516

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

79.134.225.34:6606

79.134.225.34:7707

79.134.225.34:8808
Mutex

yvlmeiqesk

Attributes
  • aes_key

    ocs7WICVJIXrCIZwVBdGxh2WNrfElyxa

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    NEWYEAR

  • host

    127.0.0.1,79.134.225.34

  • hwid

    10

  • install_file

  • install_folder

    %AppData%

  • mutex

    yvlmeiqesk

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.6D

aes.plain

Targets

    • Target

      INVOICE_PAYMENT.exe

    • Size

      825KB

    • MD5

      d05c3e50c2fe19f0c73104fcdcc69b10

    • SHA1

      76d9509cfc31cc5dccf2dab9566a9145be2554bd

    • SHA256

      71279240d14f290a3b81f4a9a660c5cdb37d52c7c65c60f1fa035d5b05745537

    • SHA512

      7434d374919b6ad96cead1ae18d982bab0293be08dfd1eb6b37d5e1b3788424e14ccd0b0400fa1da5f8675453fdd2baadc7e5b560bf8a015ace75c59d6110516

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks