Request For Quote.exe

General

Target: Request For Quote.exe
Size: 723KB
Sample: 210611-6sbgp2jenj
Score: 10/10
MD5: 60b38fcb88892b72f97c72a04b03ce29
SHA1: 90a9b8272b1c39aba84ceb9c53aa1b041fb61f6b
SHA256: 86a970ceae4a26b7b3cca4894885278b76aede70d85c92a2c55d9fe4d950a879
SHA512: a5fe465d7fd3dc278c85be115ae060b85a069f445d3a768064e34fa51de08221368890bce5f958bc2133fbc4bfbc8393b7a0fff7a9093f80ef82dd6d8fad4477

Malware Config

Extracted

Family: asyncrat
Version: 0.5.7B
C2:

  • kingmethod.duckdns.org:6606
  • kingmethod.duckdns.org:7707
  • kingmethod.duckdns.org:8808

Attributes

aes_key: OZXGLSBOBV86soeiTb9Hf1tQxfBtCgFw
anti_detection: false
autorun: false
bdos: false
delay: Default
host: ,kingmethod.duckdns.org
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 6606,7707,8808
version: 0.5.7B

Targets
Target: Request For Quote.exe

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10