General

  • Target

    stuff.ps1

  • Size

    188KB

  • Sample

    220413-2l9m3afhgl

  • MD5

    8254ae9b0d6365640abaf15d2d74a4ab

  • SHA1

    072d72634d8ddfe16e8065822797d61e8f2cf6a1

  • SHA256

    4c4940488f9f3281b8cf4e88d400d4b18285addc198021cbc7dc990b4ab10aa7

  • SHA512

    c84f06d269a0abfb5cff67a08b191468d7ba094830c994743e4f759eb6aba4d23de3f7290bd9cc2991ba01eca8c298734fe38397313f751456c111b72986f247

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

anderione.com:5252

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      stuff.ps1

    • AsyncRat

      AsyncRAT is a remote access trojan designed to remotely monitor and control infected computers.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
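The extracted configuration and the behavioural signatures above give a hunter four things to look for on endpoints: the file hashes, the C2 endpoint anderione.com:5252, the mutex AsyncMutex_6SI8OkPnk, and the process tree anomaly (powershell.exe launching a child it has no business launching, which together with SetThreadContext is the usual shape of process hollowing). The script below is an added example, not part of this sandbox report or of AsyncRAT itself. It assumes Sysmon-style event fields (EventID 1 process create, 3 network connect, 11 file create, 15 file stream hash); the sample events it runs over are constructed for illustration and `child.exe` is a placeholder name, since the report does not identify the hollowed process. Two caveats are built in: a Sysmon EventID 1 hash is the hash of the process image (powershell.exe), not of stuff.ps1, so the script hash only matches against a source that hashes the file itself (here EventID 15 on a downloaded file with a Zone.Identifier stream); and port 5252 alone is weak evidence, so the port is only flagged when the connecting process is the script host. Note also that this config has `install` set to false, so the `%AppData%` install folder is where the RAT would copy itself only if that flag were set; do not expect a persisted copy there from this sample.

```python
"""Hunt endpoint telemetry for the indicators this report extracts from stuff.ps1.

Added example; it is not part of the sandbox report. Assumptions: events are
Sysmon-style records (EventID 1 process create, 3 network connect, 11 file
create, 15 file stream hash) and the sample events below are constructed for
illustration, not captured from the sandbox run.
"""

# Indicators copied from the report.
C2_HOST = "anderione.com"
C2_PORT = 5252
MUTEX = "AsyncMutex_6SI8OkPnk"
SAMPLE_HASHES = {
    "MD5": "8254ae9b0d6365640abaf15d2d74a4ab",
    "SHA1": "072d72634d8ddfe16e8065822797d61e8f2cf6a1",
    "SHA256": "4c4940488f9f3281b8cf4e88d400d4b18285addc198021cbc7dc990b4ab10aa7",
}
# Children a PowerShell script host normally spawns; anything else is the
# "unexpected child process" behaviour the report flags. Assumed baseline.
EXPECTED_POWERSHELL_CHILDREN = {"conhost.exe", "powershell.exe"}


def parse_hashes(field):
    """Sysmon writes hashes as 'SHA256=...,MD5=...'; return {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev):
    """Return the list of indicator names a single event matches."""
    hits = []
    eid = ev.get("EventID")
    image = basename(ev.get("Image", ""))

    # Hash match against the sample (EventID 1 carries 'Hashes', EventID 15 'Hash').
    for algo, value in parse_hashes(ev.get("Hashes") or ev.get("Hash") or "").items():
        if SAMPLE_HASHES.get(algo) == value:
            hits.append("sample_hash:" + algo)

    # powershell.exe spawning something outside its expected set.
    if eid == 1 and basename(ev.get("ParentImage", "")) == "powershell.exe" \
            and image not in EXPECTED_POWERSHELL_CHILDREN:
        hits.append("unexpected_powershell_child:" + image)

    # Outbound connection to the extracted C2.
    if eid == 3:
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        port = int(ev.get("DestinationPort", 0))
        if host == C2_HOST:
            hits.append("c2_host")
        elif port == C2_PORT and image == "powershell.exe":
            # Port alone is weak evidence; only flag it from the script host.
            hits.append("c2_port_from_powershell")

    # "Drops file in System32 directory" from the script host.
    if eid == 11 and image == "powershell.exe" \
            and ev.get("TargetFilename", "").lower().startswith("c:\\windows\\system32\\"):
        hits.append("system32_drop")

    return hits


def hunt(events):
    """Map each matching event's RecordId to its hits; clean events are omitted."""
    return {ev["RecordId"]: h for ev in events if (h := check_event(ev))}


def mutex_present(handle_dump):
    """True if a handle/object listing (e.g. Sysinternals handle.exe output) names the RAT mutex.

    Sysmon does not log mutex creation, so this has to come from a live
    handle enumeration or a memory image, not from the event log.
    """
    return any(MUTEX in line for line in handle_dump.splitlines())


# Constructed sample telemetry (not from the sandbox run); child.exe is a placeholder.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 15, "Image": r"C:\Program Files\Browser\browser.exe",
     "TargetFilename": r"C:\Users\u\Downloads\stuff.ps1:Zone.Identifier",
     "Hash": "SHA256=4C4940488F9F3281B8CF4E88D400D4B18285ADDC198021CBC7DC990B4AB10AA7"},
    {"RecordId": 2, "EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ep bypass -f C:\Users\u\Downloads\stuff.ps1"},
    {"RecordId": 3, "EventID": 1,
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Users\u\AppData\Local\Temp\child.exe"},
    {"RecordId": 4, "EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\child.exe",
     "DestinationHostname": "anderione.com", "DestinationPort": 5252},
    {"RecordId": 5, "EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationHostname": "update.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for record_id, hits in hunt(SAMPLE_EVENTS).items():
        print(record_id, hits)
```

Run against the constructed events, records 1, 3 and 4 fire (script hash, unexpected child, C2 host) and the benign records 2 and 5 stay silent. In production the expected-children baseline and the System32 path prefix are the two knobs to tune to your estate.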
