General

  • Target

    4623254c01d5f7aacd77ce78329a0976.exe

  • Size

    770KB

  • Sample

    210727-sm3svw855j

  • MD5

    4623254c01d5f7aacd77ce78329a0976

  • SHA1

    10c144749fb54444b65a2cea0f3a18fc08a5a0a2

  • SHA256

    79c980bfebcae8726171a7cb2ff931f0da8bad4edd0fd0beb088e32ad1d1c7a7

  • SHA512

    b0cfa65b7875b4b4a8b06d92f1595c724dc9698246cae920cbbd5e0d8da955c8f573ed459a64ad35799f31bf301c2dd5df4b350afb83225b5954196c7ac5e500

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

C2

79.134.225.22:7890

Mutex

plpwufojgjumnqp

Attributes
  • aes_key

    YRR6qoQ9k1oF6WSlJmfPDS5io7Iq9moG

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Muva

  • host

    79.134.225.22

  • hwid

    25

  • install_file

  • install_folder

    %AppData%

  • mutex

    plpwufojgjumnqp

  • pastebin_config

    null

  • port

    7890

  • version

    0.5.6D

aes.plain

Targets

    • Target

      4623254c01d5f7aacd77ce78329a0976.exe

    • Size

      770KB

    • MD5

      4623254c01d5f7aacd77ce78329a0976

    • SHA1

      10c144749fb54444b65a2cea0f3a18fc08a5a0a2

    • SHA256

      79c980bfebcae8726171a7cb2ff931f0da8bad4edd0fd0beb088e32ad1d1c7a7

    • SHA512

      b0cfa65b7875b4b4a8b06d92f1595c724dc9698246cae920cbbd5e0d8da955c8f573ed459a64ad35799f31bf301c2dd5df4b350afb83225b5954196c7ac5e500

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

1
T1082

Tasks