f0b1460964ead846d1cf3c41026e8cba.exe

General
Target

f0b1460964ead846d1cf3c41026e8cba.exe

Size

330KB

Sample

220114-k8jlqafehp

Score
10/10
MD5

f0b1460964ead846d1cf3c41026e8cba

SHA1

75cded270a8cc13c3fbd170a71b441884a11ba23

SHA256

4cbf005d08aae507c2d7aca647d2f95738d8610d7fdfbe8944010408695b7c1f

SHA512

0564ffe06f37b3cfe335bda89b0685f7da8552630bb8ff0dce1a59682e4ae89312ebca8b51eab0b7660f54c5697580c0d59a593b63d5a0312b4a2ef74af58d24

Malware Config

Extracted

Family asyncrat
Version 0.5.7B
Botnet 1
C2

212.193.30.54:8754

Attributes
anti_vm false
bsod false
delay 3
install false
install_folder %AppData%
pastebin_config null
aes.plain

Targets
Target

f0b1460964ead846d1cf3c41026e8cba.exe

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10