Overview

overview

10

Static

static

more.exe

windows7_x64

10

more.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    more.exe

  • Size

    299KB

  • Sample

    220421-yagalacfbl

  • MD5

    8594d64e02a9dd1fb5ab412e246fe599

  • SHA1

    d63784f4e964151b3b4e41bb5ed0c6597b56762f

  • SHA256

    1660e0ec19de33e8fc633f7f8538b0b19f05765ecdacc63f2e43bdc4c716096e

  • SHA512

    852f91245dce8ac5115feae6fc0a963b72810468f35d483497076e5a811c89eebd754673d7c48be78b77f6ac7bed3cfe6dba00666894dc3b5f3b15bf5ef2c36e

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

91.193.75.132:9191

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    images.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      more.exe

    • Size

      299KB

    • MD5

      8594d64e02a9dd1fb5ab412e246fe599

    • SHA1

      d63784f4e964151b3b4e41bb5ed0c6597b56762f

    • SHA256

      1660e0ec19de33e8fc633f7f8538b0b19f05765ecdacc63f2e43bdc4c716096e

    • SHA512

      852f91245dce8ac5115feae6fc0a963b72810468f35d483497076e5a811c89eebd754673d7c48be78b77f6ac7bed3cfe6dba00666894dc3b5f3b15bf5ef2c36e

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks