General

  • Target: 1c14651feca871981b348f84cdff30e690ebf92a45e6fe8dc3cf13848bf99c03
  • Size: 208KB
  • Sample: 220521-dxwnksgeb7
  • MD5: 2f312ab520f0b199712c9a59594281ba
  • SHA1: 434251040ac644ff140f4bdf99ca446dd9fb27f5
  • SHA256: 1c14651feca871981b348f84cdff30e690ebf92a45e6fe8dc3cf13848bf99c03
  • SHA512: f2530d93f627e111745ff5cc4184db92b9bd92927bf0da5ce1a7d2e0697f39f86a9c53ff9a9e86d1590b107a4d3c08a77b6c37cedbf3cf713cfd49a44539e5f6

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.6D
  • Botnet: HARDHARD
  • C2: 185.165.153.215:6606
  • Mutex: uqeolevmck

Attributes

  • delay: 1
  • install: false
  • install_folder: %AppData%

aes.plain

Targets

    • Target: disposable protective mask.exe
    • Size: 375KB
    • MD5: e18ddc52047f3d3147d94db4bc50cb63
    • SHA1: 7d2f3257ce09b8fd7aad305cb23309348a4b9790
    • SHA256: 369e06999d4475ecc6e01a440ac20bebb744dbbf14b609c002f65379403f4be7
    • SHA512: f0ebd0c7a72e6419b37a607ce282acebecec2c9c80356f35fddaaf3f0ec8edac0cd6b00d81ad0a61a377eb70e7c5a9bcca70cf7088232d74c79f7bea8bf4cf61

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

    • Async RAT payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks