General

  • Target

    Gen_1.8.9_Exeucteable.exe

  • Size

    47KB

  • Sample

    210902-xy8lse9wmx

  • MD5

    3e4c3e29bb6d0645da07b0769cb92666

  • SHA1

    17e2acc7213a0dc685e980396f1031c62116106b

  • SHA256

    ca84e70120b5fb479ca54211645ac24d562849107ef0e04df6741c0b88d6d168

  • SHA512

    27eb7635fd75287b328a1d2c67f77344cd8146e08d93e26d6579b0fec27cfba5efd9c4fe4e3a838d1823b18fdba1039074c0b6d49bf6efa16b450bb333180b1c

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

193.27.13.52:58107

193.27.13.57:58107

Mutex

DcRatMutex_qwqdanchun

Attributes
  • anti_vm

    true

  • bsod

    false

  • delay

    1

  • install

    false

  • install_file

    Windows.exe

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      Gen_1.8.9_Exeucteable.exe

    • Size

      47KB

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess
