Overview

overview

10

Static

static

dsse.exe

windows7_x64

10

dsse.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dsse.exe

  • Size

    38.0MB

  • Sample

    211020-v218asacen

  • MD5

    917af4200d799a64919795d98418da12

  • SHA1

    90b40f97644113cca0bfe2169de77d9f7ca45260

  • SHA256

    e71f1c06d9d43301bebaaed1d28ad768fd51c27e4de192d611b0d4bcaf0093a3

  • SHA512

    cef5c9733400101adb2f75b87c6dbbbd1a289de5f606829bc5bf4413a72942a6d80a346b3ed4f6bd862ac7fae3456718ec9afd7a2fd2286824bf7769ad583883

Score
10/10
asyncratdefaultratspywarestealersuricata

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

79.134.225.35:1004

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      dsse.exe

    • Size

      38.0MB

    • MD5

      917af4200d799a64919795d98418da12

    • SHA1

      90b40f97644113cca0bfe2169de77d9f7ca45260

    • SHA256

      e71f1c06d9d43301bebaaed1d28ad768fd51c27e4de192d611b0d4bcaf0093a3

    • SHA512

      cef5c9733400101adb2f75b87c6dbbbd1a289de5f606829bc5bf4413a72942a6d80a346b3ed4f6bd862ac7fae3456718ec9afd7a2fd2286824bf7769ad583883

    Score
    10/10
    asyncratdefaultratspywarestealersuricata

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks