Overview

overview

10

Static

static

f97285590f...8e.exe

windows7_x64

10

f97285590f...8e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f97285590fe7f6afbfc514ddd2bc538e

  • Size

    255KB

  • Sample

    211021-vh3a9abdfj

  • MD5

    f97285590fe7f6afbfc514ddd2bc538e

  • SHA1

    1268214c0978b144583a2ceaae238c2042b8ddc7

  • SHA256

    678d4084f84159e43cfb7acbeff823117b1a3610150bebefc202dcfe408b97c6

  • SHA512

    7f602b0f19bc90eb2ba66572cd4d6149ac3020a7acf36bada7667d16e782bf895475abd0498d4c30975830d8b68f51e2ad3fdf1a7a64c2e040eb497aa3f3d023

Score
10/10
asyncratdefaultratspywarestealersuricata

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

joselamartineslora09.duckdns.org:1980

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      f97285590fe7f6afbfc514ddd2bc538e

    • Size

      255KB

    • MD5

      f97285590fe7f6afbfc514ddd2bc538e

    • SHA1

      1268214c0978b144583a2ceaae238c2042b8ddc7

    • SHA256

      678d4084f84159e43cfb7acbeff823117b1a3610150bebefc202dcfe408b97c6

    • SHA512

      7f602b0f19bc90eb2ba66572cd4d6149ac3020a7acf36bada7667d16e782bf895475abd0498d4c30975830d8b68f51e2ad3fdf1a7a64c2e040eb497aa3f3d023

    Score
    10/10
    asyncratdefaultratsuricataspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks