General

  • Target

    905d2b5bc1104f9105d00772f45d9a01ed4884a231e9feda48535510c7efbde1

  • Size

    508KB

  • Sample

    220221-m6hyhsaghq

  • MD5

    14f149071cc5908b01fbb0d7afb9d2ba

  • SHA1

    446d7b34fe9c650c76131570b236e5f4ca3db663

  • SHA256

    905d2b5bc1104f9105d00772f45d9a01ed4884a231e9feda48535510c7efbde1

  • SHA512

    234e4dc1fca5bf5887bcb0edcc576151e01d1975194a1e990592c7cde2eda88ceef81347a9bd08c18950dd83d0a040b6ebafb98fd8e3bd45a144856bb794e122

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

NEWYEAR

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

79.134.225.34:6606

79.134.225.34:7707

79.134.225.34:8808

Mutex

yvlmeiqesk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    10

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      INVOICE_PAYMENT.exe

    • Size

      825KB

    • MD5

      d05c3e50c2fe19f0c73104fcdcc69b10

    • SHA1

      76d9509cfc31cc5dccf2dab9566a9145be2554bd

    • SHA256

      71279240d14f290a3b81f4a9a660c5cdb37d52c7c65c60f1fa035d5b05745537

    • SHA512

      7434d374919b6ad96cead1ae18d982bab0293be08dfd1eb6b37d5e1b3788424e14ccd0b0400fa1da5f8675453fdd2baadc7e5b560bf8a015ace75c59d6110516

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks