General

  • Target

    385f838c307321ee41acb65038b407cb.exe

  • Size

    1.1MB

  • Sample

    210418-e384ertm12

  • MD5

    385f838c307321ee41acb65038b407cb

  • SHA1

    81af518b07fb70f5b983342e463c3a2c8f45ebf7

  • SHA256

    e86591dd7ed9084b84b3b76c379f9d348ea3262324877ebfbb173c1aec65b242

  • SHA512

    537d1b76099a8db625f6103337a51a8846a5b9c0a79e033a30dd91c0365243e3bccbb7a0eb89bf309173d6863c095c4e1a19a21605a604bb3ee7d4d910928247

Score
10/10

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • C2

    podzeye.duckdns.org:5522
    podzeye.duckdns.org:5552
    podzeye.duckdns.org:5533

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    bvWieEm9xvjWPWmzbmFe0NuBHX1DCbdD

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    podzeye.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    5522,5552,5533

  • version

    0.5.7B

Targets

    • Target

      385f838c307321ee41acb65038b407cb.exe (size and hashes as listed under General above)

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1 match

  • Persistence: Scheduled Task (T1053), 1 match

  • Privilege Escalation: Scheduled Task (T1053), 1 match

  • Discovery: System Information Discovery (T1082), 1 match

Tasks