Overview

overview

10

Static

static

5E4BBF19A6...B7.exe

windows7_x64

5

5E4BBF19A6...B7.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5E4BBF19A6E055CC6C2C98EF38288F3465C30E25542B7.exe

  • Size

    486KB

  • Sample

    220124-ycdmgshdh8

  • MD5

    32cc876191795965e3d5f80cfa90ab3d

  • SHA1

    91eb8879cc44f8361454eb89756fc902e73c3cb1

  • SHA256

    5e4bbf19a6e055cc6c2c98ef38288f3465c30e25542b735fbfca921fdb8b95f9

  • SHA512

    e5f369587c4980bd7aa8590921743f8894777883fec485b2cb726c905d21cf9f4639a2498f2d57520c4eb771b032f4c6882b3679a1af1ce5fd0dacd6c42edb82

Score
10/10
asyncratevasionrat

Malware Config

Extracted

Family

asyncrat

Version

v0.2

C2

dhciaicjzis.xyz:1703

aisviua77s.xyz:1703

sakivivjasiv8cozo3.cn:1703

asidivuvuas8rnvns73.xyz:1703

dsijfiudsfiashvu7ds43.xyz:1703
Mutex

afgj6j3umd5uk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    0

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      5E4BBF19A6E055CC6C2C98EF38288F3465C30E25542B7.exe

    • Size

      486KB

    • MD5

      32cc876191795965e3d5f80cfa90ab3d

    • SHA1

      91eb8879cc44f8361454eb89756fc902e73c3cb1

    • SHA256

      5e4bbf19a6e055cc6c2c98ef38288f3465c30e25542b735fbfca921fdb8b95f9

    • SHA512

      e5f369587c4980bd7aa8590921743f8894777883fec485b2cb726c905d21cf9f4639a2498f2d57520c4eb771b032f4c6882b3679a1af1ce5fd0dacd6c42edb82

    Score
    10/10
    asyncratevasionrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Modifies Windows Firewall

      evasion

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks