Overview

overview

10

Static

static

15a5548e97...2d.exe

windows7_x64

10

15a5548e97...2d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15a5548e976f9a8ffad4c6eb397cf52d

  • Size

    253KB

  • Sample

    211021-yq271aaff8

  • MD5

    15a5548e976f9a8ffad4c6eb397cf52d

  • SHA1

    a2b8e4e54cdc9b4f4565674cce538734288f82e5

  • SHA256

    0ca4b3b694d6b317ab8df7c8f63198c7d696b9c238af5b9d83074670f4ed384b

  • SHA512

    0f62e13137cae54313fe7acfafa8ac3166ddd58589102847e5df3e55830992a355c5cda4a5c891580f6e513242fc89b4458e19d58262fb3fbac3d0f92fbdd9b0

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

dgrthdg.duckdns.org:1884

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_file

    chrome.exe

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      15a5548e976f9a8ffad4c6eb397cf52d

    • Size

      253KB

    • MD5

      15a5548e976f9a8ffad4c6eb397cf52d

    • SHA1

      a2b8e4e54cdc9b4f4565674cce538734288f82e5

    • SHA256

      0ca4b3b694d6b317ab8df7c8f63198c7d696b9c238af5b9d83074670f4ed384b

    • SHA512

      0f62e13137cae54313fe7acfafa8ac3166ddd58589102847e5df3e55830992a355c5cda4a5c891580f6e513242fc89b4458e19d58262fb3fbac3d0f92fbdd9b0

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks