Overview

overview

10

Static

static

payment co...21.exe

windows7_x64

10

payment co...21.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payment confirmation_16.01.2021.exe

  • Size

    1.4MB

  • Sample

    210118-p2z29y4kls

  • MD5

    e3aea83c2ae72dfbaf7d887baa9d40da

  • SHA1

    63b622b74f1e7ede93634c73d61384d431fbf199

  • SHA256

    60f80dde8a53609fc7411854b9400a613c6978386ef05aa1bbedbfd2fc51814e

  • SHA512

    100a267444667abf6e5ceb47157c92de523c6236fcdc07703c3b274f3e06ed35ab3a6040a87483e22d94758b35d71859df3dd2a22649cee9d41c2b05d6030eaa

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

bigman2021.duckdns.org:6606

bigman2021.duckdns.org:7707

bigman2021.duckdns.org:8808

79.134.225.18:6606

79.134.225.18:7707

79.134.225.18:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    8HLIxjjLl31oyeuCdupeIJlMgShc597W

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    bigman2021.duckdns.org,79.134.225.18

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.7B

aes.plain

Targets

    • Target

      payment confirmation_16.01.2021.exe

    • Size

      1.4MB

    • MD5

      e3aea83c2ae72dfbaf7d887baa9d40da

    • SHA1

      63b622b74f1e7ede93634c73d61384d431fbf199

    • SHA256

      60f80dde8a53609fc7411854b9400a613c6978386ef05aa1bbedbfd2fc51814e

    • SHA512

      100a267444667abf6e5ceb47157c92de523c6236fcdc07703c3b274f3e06ed35ab3a6040a87483e22d94758b35d71859df3dd2a22649cee9d41c2b05d6030eaa

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks