Overview

overview

10

Static

static

Production...df.exe

windows7_x64

10

Production...df.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Production order List Quotation.pdf.exe

  • Size

    924KB

  • Sample

    210115-j9zc3dsqwa

  • MD5

    bc078bc0b438d5186ff9a7580412a532

  • SHA1

    25730487e2562435cd053891ec689a9b8b380399

  • SHA256

    8f74c5871c33b4bf63b43f3e7e216dae1cc92e79cd0035422c8eb6768b98dc06

  • SHA512

    d85a642736695dbe8645773ea8fb20a14b6c44b1892a136d149c2aa839d2e8ac165362e94b879930945f416e42f9a29874970a998820008e050613f3267f213a

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

1.remcosagent.com:1993

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    zfpcQBbFjdAkORcbNZ0s5ioknjh7mjo2

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    1.remcosagent.com

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    1993

  • version

    0.5.7B

aes.plain

Targets

    • Target

      Production order List Quotation.pdf.exe

    • Size

      924KB

    • MD5

      bc078bc0b438d5186ff9a7580412a532

    • SHA1

      25730487e2562435cd053891ec689a9b8b380399

    • SHA256

      8f74c5871c33b4bf63b43f3e7e216dae1cc92e79cd0035422c8eb6768b98dc06

    • SHA512

      d85a642736695dbe8645773ea8fb20a14b6c44b1892a136d149c2aa839d2e8ac165362e94b879930945f416e42f9a29874970a998820008e050613f3267f213a

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks