Overview

overview

10

Static

static

fb657035d6...07.exe

windows7_x64

10

fb657035d6...07.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

  • Size

    390KB

  • Sample

    220502-nvw7fafaap

  • MD5

    2777f662fe6d094fb8726aae2a6b39a6

  • SHA1

    a643a95a7f45a612f45c4d398630b8b641b49bb7

  • SHA256

    fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

  • SHA512

    d2974a64b8a780f099f5bc67d03a7d90a8824f01b12be7f3c1803c7b68772c2b1622b3864578d2fa4e636a1154ff22f1a1f821a2330bca5daa99591e962ab23e

Score
10/10
asyncratrevengeratdefaultnyancatrevengerattrojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

travazap.duckdns.org:4040

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

travazap2.duckdns.org:2021

Mutex

3ddc53446da

Targets

    • Target

      fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

    • Size

      390KB

    • MD5

      2777f662fe6d094fb8726aae2a6b39a6

    • SHA1

      a643a95a7f45a612f45c4d398630b8b641b49bb7

    • SHA256

      fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

    • SHA512

      d2974a64b8a780f099f5bc67d03a7d90a8824f01b12be7f3c1803c7b68772c2b1622b3864578d2fa4e636a1154ff22f1a1f821a2330bca5daa99591e962ab23e

    Score
    10/10
    asyncratrevengeratdefaultnyancatrevengerattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

      trojanrevengerat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks