General

  • Target

    CHERRY.exe

  • Size

    48KB

  • Sample

    210227-cad7ds7tjj

  • MD5

    820bd630f443e32a6ead06212ff6e95e

  • SHA1

    9278a11d7bc5bc3b07d564a29f6d520bf10dc744

  • SHA256

    2c79e9095dabbab194fc34801c8e08cc1adc9576e71642d9e9b5f986964ad26d

  • SHA512

    cf2ff4dd6de9fbe4c159d72942d2b427c245d84dc60b268d0a8705c86922a7cb33ab53ba7aa4c0011f4b63c356b1dbfe194ef205392e9c9053bd7b1d6aea2f9a

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

jamesalex13-32442.portmap.host:32442

Mutex

AsyncMutex_2VI8tgPik

Attributes
  • aes_key

    LH6rs7V8nICHHwjuleXZSNJw5t2MZnAG

  • anti_detection

    true

  • autorun

    true

  • bdos

    true

  • delay

    Default

  • host

    jamesalex13-32442.portmap.host

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_2VI8tgPik

  • pastebin_config

    null

  • port

    32442

  • version

    0.5.7B

aes.plain

Targets

    • Target

      CHERRY.exe

    • Size

      48KB

    • MD5

      820bd630f443e32a6ead06212ff6e95e

    • SHA1

      9278a11d7bc5bc3b07d564a29f6d520bf10dc744

    • SHA256

      2c79e9095dabbab194fc34801c8e08cc1adc9576e71642d9e9b5f986964ad26d

    • SHA512

      cf2ff4dd6de9fbe4c159d72942d2b427c245d84dc60b268d0a8705c86922a7cb33ab53ba7aa4c0011f4b63c356b1dbfe194ef205392e9c9053bd7b1d6aea2f9a

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

  • Credential Access

    Credentials in Files, T1081 (1)

  • Discovery

    System Information Discovery, T1082 (1)

  • Collection

    Data from Local System, T1005 (1)