General

  • Target

    VZ8WSCNqI5hk6UO.exe

  • Size

    1MB

  • Sample

    210726-d1h1ea4ls6

  • MD5

    5624c43315cd655ce3162930ca5feecf

  • SHA1

    9fe4a649a4c12e15bb19157c11f166d811e8e56a

  • SHA256

    46aaee021fec9564e323cbb46072b15696f53cb48e153a6575ec8abc8feba35e

  • SHA512

    8ddd7f8bf8283af1c28a3ac55793b3e9f761531ad3d11d7a9548dc686082ec924beb8468b7644486df403a8447178aebc4b6048bd7083633342442ce3ece0a9c

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

wabbus02.duckdns.org:6606

wabbus02.duckdns.org:7707

wabbus02.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    9qwxkQ2pkGzKNYyg3Ocjqt8oTvsTstZQ

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    wabbus02.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.7B

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext
