General

  • Target

    async1_ravengeRAT.exe

  • Size

    47KB

  • Sample

    210114-fxhww7frvs

  • MD5

    ddd27af6aa3c0cc0c1a423a413842a52

  • SHA1

    7533d2136cd2ca9caa3cf2e0762e2e2a70e6f52d

  • SHA256

    dd0f1ebf512a897e0a0130602febbe793a00d8751dc061bc8c40ada66ac220fe

  • SHA512

    cb93d4d1c71072db9068e0673d5bb2c1075c62263212488db18b483494d772308fff4ce26b11973f486e0b34516143f3a5bf38e2ca3c68797db8503350373eeb

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

Mutex

a377d1b1c0538833035211f4083d00fecc414dab

Attributes
  • aes_key

    uHP7c7Cosh571ds05um4kYDDE2FWQ6fx

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    NEW-SPAM

  • host

    127.0.0.1,minharola.hopto.org,cdtpitbull.hopto.org,cudaegua.ddns.net

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    a377d1b1c0538833035211f4083d00fecc414dab

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.7B

aes.plain

Targets

    • Target

      async1_ravengeRAT.exe

    • Size

      47KB

    Score
    1/10
