Overview

overview

10

Static

static

IMG-06-05-...43.exe

windows7_x64

10

IMG-06-05-...43.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG-06-05-345678909876543.exe

  • Size

    222KB

  • Sample

    210506-4cb7jfbysj

  • MD5

    fd6cd4fc819f390b6c8b66820023e406

  • SHA1

    75313bc953f604560e69eeec7debef6c1aea049d

  • SHA256

    bba6a0edd815ea52c69ae4870598b5f4ff396f6e5860bb2e03d74e101b29e898

  • SHA512

    a6793de1bf344930071d7b5d860b4fdffba705fe5f5062a47492b57264e283bc93d313f7bc993ec7b3ebd7c54a95499827b4e24139ce0056053cf38b83568046

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

joseedward5001.ddns.net:1515

194.5.98.120:1515
Mutex

cfbtvyfbge

Attributes
  • aes_key

    HmKU5jDgSS0N12PbG0QQ2B4Ik7gjdFTl

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

  • host

    joseedward5001.ddns.net,194.5.98.120

  • hwid

    5

  • install_file

  • install_folder

    %AppData%

  • mutex

    cfbtvyfbge

  • pastebin_config

    null

  • port

    1515

  • version

    0.5.6A

aes.plain

Targets

    • Target

      IMG-06-05-345678909876543.exe

    • Size

      222KB

    • MD5

      fd6cd4fc819f390b6c8b66820023e406

    • SHA1

      75313bc953f604560e69eeec7debef6c1aea049d

    • SHA256

      bba6a0edd815ea52c69ae4870598b5f4ff396f6e5860bb2e03d74e101b29e898

    • SHA512

      a6793de1bf344930071d7b5d860b4fdffba705fe5f5062a47492b57264e283bc93d313f7bc993ec7b3ebd7c54a95499827b4e24139ce0056053cf38b83568046

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks