Overview

overview

10

Static

static

2798501849...5a.exe

windows7_x64

10

2798501849...5a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5765869928742912.zip

  • Size

    418KB

  • Sample

    210419-g6qe6a8vc2

  • MD5

    ed483629c59788589684b43e127042be

  • SHA1

    898de315b7664aa058c2c97f898207279948fb2c

  • SHA256

    574a2711ba6fc60ea40eb0610a567a86a6d80a033059b5c47a2347de917da649

  • SHA512

    e3e21fdb1eaf00615d25958b39997fa111ba501ffe119f7ff518263e70c9344bfdabfdd358fb2d8ce414c9fa427f27f096e009335230db0b62ef891acdd93a34

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

fedeloperome09.duckdns.org:1884

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    rCcPIZRuOpZ1tE1foTgZDDuqhAqiDiBZ

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    fedeloperome09.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    1884

  • version

    0.5.7B

aes.plain

Targets

    • Target

      2798501849fb1844af16adf13898125e2589d94929c4231be0cea89ddcb4c95a

    • Size

      632KB

    • MD5

      a23fbc23425218221b2d5d40bfe948d0

    • SHA1

      a81fff01ca92d5b540f3960183dd923750388ae2

    • SHA256

      2798501849fb1844af16adf13898125e2589d94929c4231be0cea89ddcb4c95a

    • SHA512

      6609a2c202e506aec733577ec7e15de428a7df0f17de7d50c5fe37860e6bd64871806ad1c511d1539e9dde5dc149944cedd6d4a1ec2d59a1d07b7dd261882eb2

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks