asyncrat | ca84e70120b5fb479ca54211645ac24d562849107ef0e04df6741c0b88d6d168 | Triage

Sharing

General

Target

Gen_1.8.9_Exeucteable.exe
Size

47KB
Sample

210902-xy8lse9wmx
MD5

3e4c3e29bb6d0645da07b0769cb92666
SHA1

17e2acc7213a0dc685e980396f1031c62116106b
SHA256

ca84e70120b5fb479ca54211645ac24d562849107ef0e04df6741c0b88d6d168
SHA512

27eb7635fd75287b328a1d2c67f77344cd8146e08d93e26d6579b0fec27cfba5efd9c4fe4e3a838d1823b18fdba1039074c0b6d49bf6efa16b450bb333180b1c

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

193.27.13.52:58107

193.27.13.57:58107

Mutex

DcRatMutex_qwqdanchun

Attributes

anti_vm
true
bsod
false
delay
1
install
false
install_file
Windows.exe
install_folder
%AppData%
pastebin_config
null

aes.plain

Targets

- Target
  
  Gen_1.8.9_Exeucteable.exe
- Size
  
  47KB
- MD5
  
  3e4c3e29bb6d0645da07b0769cb92666
- SHA1
  
  17e2acc7213a0dc685e980396f1031c62116106b
- SHA256
  
  ca84e70120b5fb479ca54211645ac24d562849107ef0e04df6741c0b88d6d168
- SHA512
  
  27eb7635fd75287b328a1d2c67f77344cd8146e08d93e26d6579b0fec27cfba5efd9c4fe4e3a838d1823b18fdba1039074c0b6d49bf6efa16b450bb333180b1c
Score

10^/10
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

ratdefaultasyncrat

behavioral1

behavioral2