Overview

overview

10

Static

static

34694c57b7...87.exe

windows7_x64

6

34694c57b7...87.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34694c57b7447b59d6bc6a2dba635fa320a4d4b1e550a36840fe1f2208b76d87

  • Size

    436KB

  • Sample

    220222-rjv2sahgc4

  • MD5

    2fad587c95def3e0d8ad973c56734a6a

  • SHA1

    cd29d4ee1e27ab5f541f1674fc511134cb30c064

  • SHA256

    c757edff2fdc8e5d4afc3c82e69b03fdf6da3512934fab0021e8dfbf9298fd49

  • SHA512

    8ddad453f6ded73c93789d9c05441b6bd2b7d9279e4d20d5f2aa71587af43ff902e7fa2ff48375d2481ec02c20aad6afa955dc44172bfca7d3296059bce46ca8

Score
10/10
asyncrat1persistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

212.193.30.54:8755

Mutex

gyQ12!.,=FD7trew

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      34694c57b7447b59d6bc6a2dba635fa320a4d4b1e550a36840fe1f2208b76d87

    • Size

      671KB

    • MD5

      3c39836dedf6779a0207819c72238fa5

    • SHA1

      07433edf63057fff1e96ddbf5249aa2c50f69dbd

    • SHA256

      34694c57b7447b59d6bc6a2dba635fa320a4d4b1e550a36840fe1f2208b76d87

    • SHA512

      f8a6810abf551f01aae3a8d7c2e6a3421aac3f0312301a5e12a28bfe9490ae064f5c8dd846113cf755a3d9b8f22b80f92b27ec6e4590b04a1629662f472a7086

    Score
    10/10
    persistenceasyncrat1rat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks