General

  • Target

    A55E103A9E4D7BA8BD072DBA835701EA.exe

  • Size

    491KB

  • Sample

    210704-gy27695kcn

  • MD5

    a55e103a9e4d7ba8bd072dba835701ea

  • SHA1

    d3ab674af393662908833009828e7dc3df9fad82

  • SHA256

    590e531489556cfb9de022bc52bce2489c3609e693209c59fdce5698c6fc0be3

  • SHA512

    7742cadbad48d98e9b06026077dad966eba51d5283727a2d3399f0b7339f3cb4d447441f7d84c5c69093bc84b53a3be8f07cac4308aaa8dc72cd0784803a94a3

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

alemdar571.duckdns.org:59

alemdar571.duckdns.org:18

alemdar571.duckdns.org:4784

alemdar571.duckdns.org:5900

Mutex

anamorospuı

Attributes
  • aes_key

    E8XTIePNtGEhSuMTBq4MeNNRdG7tdCfZ

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    YENİFUD

  • host

    alemdar571.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    anamorospuı

  • pastebin_config

    null

  • port

    59,18,4784,5900

  • version

    0.5.7B

aes.plain

Targets

    • Target

      A55E103A9E4D7BA8BD072DBA835701EA.exe

    • Size

      491KB

    • MD5

      a55e103a9e4d7ba8bd072dba835701ea

    • SHA1

      d3ab674af393662908833009828e7dc3df9fad82

    • SHA256

      590e531489556cfb9de022bc52bce2489c3609e693209c59fdce5698c6fc0be3

    • SHA512

      7742cadbad48d98e9b06026077dad966eba51d5283727a2d3399f0b7339f3cb4d447441f7d84c5c69093bc84b53a3be8f07cac4308aaa8dc72cd0784803a94a3

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1

    Remote System Discovery (T1018): 1

  • Collection

    Data from Local System (T1005): 1

Tasks