General

  • Target

    200CB4B34EA0E61FE8454731BF7A107A.exe

  • Size

    1.9MB

  • Sample

    210418-e8xhdclebx

  • MD5

    200cb4b34ea0e61fe8454731bf7a107a

  • SHA1

    a6121f8f7d8600c2278e90d5ae622c9b2d3b410b

  • SHA256

    3deec916d94fabdc65168ebd8b5f072a702781064d13b10700d9a52998a669a3

  • SHA512

    62c947626012a18c3a4644ff24909b1c2a3a427b1df4529139eb54bb74da12b5299aca0070d4b0deee168098ea7474207868644e82917bdbf130797f1676fe99

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (ps1.dropper)

    https://www.uplooder.net/f/tl/31/ee790edf8aa2f02c1ffb71003ad4a5c8/defender.mp3

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • C2

    46.1.54.174:87
    46.1.54.174:85

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    aes_key: R77ian3L214LimJgd0qPoT0OH274e11M
    anti_detection: false
    autorun: false
    bdos: false
    delay: strings
    host: 46.1.54.174
    hwid: 3
    install_file: (empty)
    install_folder: %AppData%
    mutex: AsyncMutex_6SI8OkPnk
    pastebin_config: null
    port: 87,85
    version: 0.5.7B
    aes.plain

Targets

    • Target

      200CB4B34EA0E61FE8454731BF7A107A.exe

    • Size

      1.9MB

    • MD5

      200cb4b34ea0e61fe8454731bf7a107a

    • SHA1

      a6121f8f7d8600c2278e90d5ae622c9b2d3b410b

    • SHA256

      3deec916d94fabdc65168ebd8b5f072a702781064d13b10700d9a52998a669a3

    • SHA512

      62c947626012a18c3a4644ff24909b1c2a3a427b1df4529139eb54bb74da12b5299aca0070d4b0deee168098ea7474207868644e82917bdbf130797f1676fe99

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Async RAT payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1
    Scheduled Task (T1053): 1
    Hidden Files and Directories (T1158): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 2
    Install Root Certificate (T1130): 1
    Hidden Files and Directories (T1158): 1

  • Discovery

    System Information Discovery (T1082): 1
