BL. NO. ANSMUNDAR3621.exe

General

Target: BL. NO. ANSMUNDAR3621.exe
Size: 343KB
Sample: 211021-pt2wzaace8
Score: 10/10
MD5: 6e313f49084c58fcd006489103bac31a
SHA1: cfb76b45950b867da23054c1df26ce8e7a3f8274
SHA256: 408e8ea1cbe31a44e822f1673cbfbe79dbd2938a1e449e61a661c1cceda8f322
SHA512: e75348da00f0e5d3089a38f8400b18cee22a057f6dc7da3068e49875d024e8512e90b9bdeaad3f866b4dfd0388b72952a4fbdb0a78c845cebaf4f253de1be2a2

Malware Config

Extracted

Family asyncrat
Version 0.5.7B
Botnet Default
C2

185.222.57.71:00783

Attributes
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
aes.plain

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10