02179909185ee25814dd4ea226540021

General
Target

02179909185ee25814dd4ea226540021

Size

585KB

Sample

210915-hvcvxadbam

Score

10/10

MD5

02179909185ee25814dd4ea226540021

SHA1

d54bd08e2c4b7aa3971eff0ee15ac064889c1f5b

SHA256

aebf016b75a0461729b84255f307d279a60675a8769affdb69f9ad68ba9b86b3

SHA512

6933dcc2d81d62d12756436df4f8bde39fe1ccb868b73a323153dbb360059cb82111d5ff134c43269879cf8dbb9b69a17732fccbfa927295e87a82831dea9105

Malware Config

Extracted

Family asyncrat
Version 0.5.7B
Botnet WIRE$$$$$$$$
C2

severdops.ddns.net:6204

Attributes

anti_vm: false
bsod: false
delay: 3
install: true
install_file: iconfx.exe
install_folder: %AppData%
pastebin_config: null
aes.plain
Targets
Target

02179909185ee25814dd4ea226540021

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10