Gen_1.8.9_Exeucteable.exe

General

Target: Gen_1.8.9_Exeucteable.exe
Size: 47KB
Sample: 210902-xy8lse9wmx
Score: 10/10
MD5: 3e4c3e29bb6d0645da07b0769cb92666
SHA1: 17e2acc7213a0dc685e980396f1031c62116106b
SHA256: ca84e70120b5fb479ca54211645ac24d562849107ef0e04df6741c0b88d6d168
SHA512: 27eb7635fd75287b328a1d2c67f77344cd8146e08d93e26d6579b0fec27cfba5efd9c4fe4e3a838d1823b18fdba1039074c0b6d49bf6efa16b450bb333180b1c

Malware Config

Extracted

Family: asyncrat
Version: 1.0.7
Botnet: Default
C2:
  • 193.27.13.52:58107
  • 193.27.13.57:58107

Attributes

anti_vm: true
bsod: false
delay: 1
install: false
install_file: Windows.exe
install_folder: %AppData%
pastebin_config: null
aes.plain:
Targets

Target: Gen_1.8.9_Exeucteable.exe
MD5: 3e4c3e29bb6d0645da07b0769cb92666
Filesize: 47KB
Score: 10/10
SHA1: 17e2acc7213a0dc685e980396f1031c62116106b
SHA256: ca84e70120b5fb479ca54211645ac24d562849107ef0e04df6741c0b88d6d168
SHA512: 27eb7635fd75287b328a1d2c67f77344cd8146e08d93e26d6579b0fec27cfba5efd9c4fe4e3a838d1823b18fdba1039074c0b6d49bf6efa16b450bb333180b1c
Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques are listed under any tactic in this report)
Tasks

static1: 10/10
behavioral1: 1/10
behavioral2: 10/10