General

  • Target: PO20002106.exe
  • Size: 695KB
  • Sample: 210106-28563v9wwa
  • MD5: 823cbb9bac152ecf6d251f686ffa1ab5
  • SHA1: c9beb84d2505636820bd357abba5af0cd5a47c52
  • SHA256: 6a552b03353efc74c7871b59d8844ee8990a224de336ca893e1b74d10cd4b16b
  • SHA512: 30268ed85b8b3d2d3c2d8a4ef9f0207d546be06c83cdd163b11c11ba788c159e8324c2142e946e873a017d6c3f8922550331b3ea4b25c4c02c6448c3029110b6

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • C2: null:null
  • Mutex: AsyncMutex_6SI8OkPnk

Attributes
  • aes_key: yFdiISTMNVqtdBU1VShPLhZnkF6gdamp
  • anti_detection: false
  • autorun: false
  • bdos: false
  • delay: billion
  • host: null
  • hwid: 3
  • install_file:
  • install_folder: %AppData%
  • mutex: AsyncMutex_6SI8OkPnk
  • pastebin_config: https://pastebin.com/raw/Q5Dxj1fY
  • port: null
  • version: 0.5.7B

aes.plain

Targets

    • Target: PO20002106.exe

    Score: 10/10

    • AsyncRat: AsyncRAT is designed to remotely monitor and control other computers.
    • Async RAT payload
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Command and Control: Web Service, T1102 (1)
