Overview

overview

10

Static

static

OriginalDo...mn.exe

windows7_x64

10

OriginalDo...mn.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OriginalDocument130122mn.exe

  • Size

    157KB

  • Sample

    220113-rk8dhaahaj

  • MD5

    d68bac4ee4dd56238db775d8b3f8c750

  • SHA1

    35278019595a8a045fa0d6b1ddf7a1bfc9efb2b7

  • SHA256

    04f4ba8764350738645fc2857e53aa8dc1f6b8629fe81796fd23f2d8b07030a8

  • SHA512

    23d56eba9947b1aedf5934937c58992e8493e49c94b7407384acbd9a84889ec5b4a846ed27345721a12281553ecbbfa5f07f8c9614ff3c3304bd04d45b391847

Score
10/10
asyncratratsuricata

Malware Config

Targets

    • Target

      OriginalDocument130122mn.exe

    • Size

      157KB

    • MD5

      d68bac4ee4dd56238db775d8b3f8c750

    • SHA1

      35278019595a8a045fa0d6b1ddf7a1bfc9efb2b7

    • SHA256

      04f4ba8764350738645fc2857e53aa8dc1f6b8629fe81796fd23f2d8b07030a8

    • SHA512

      23d56eba9947b1aedf5934937c58992e8493e49c94b7407384acbd9a84889ec5b4a846ed27345721a12281553ecbbfa5f07f8c9614ff3c3304bd04d45b391847

    Score
    10/10
    asyncratratsuricata

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks