e136f191f0f60e3468e4d2544593790b

General
Target

e136f191f0f60e3468e4d2544593790b

Size

586KB

Sample

210915-hvcvxaaae8

Score

10/10

MD5

e136f191f0f60e3468e4d2544593790b

SHA1

4c9f0804d19fd54de4c8ad8d0c4d8b9f60563d8c

SHA256

88b664a4ced04195d83f1964093c0a689fc174522ad9e8f8443d70a7f22cc757

SHA512

d348b6c23bc4f56b4632875b199bedae025df2f71012e4d3a2a7d26d75b762df840d6daf0c13ba7d843caf4417e669a87930c3fabb01bead4e2e100eb3348874

Malware Config

Extracted

Family asyncrat
Version 0.5.7B
Botnet WIRE$$$$$$$$
C2

severdops.ddns.net:6204

Attributes
anti_vm false
bsod false
delay 3
install true
install_file iconfx.exe
install_folder %AppData%
pastebin_config null
aes.plain
Targets
Target

e136f191f0f60e3468e4d2544593790b

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral1 10/10

behavioral2 10/10