General

  • Target: d73a7c1afcc1074d86c01ac1ab22ae2309ba3747e07791428c62e9e0ded1750e
  • Size: 204KB
  • Sample: 220521-nc76zsgfbj
  • MD5: 729de4ba848cf094fc5422838a65552f
  • SHA1: 1e00094855bb4b740dc49b9d61c76b7a55b14973
  • SHA256: d73a7c1afcc1074d86c01ac1ab22ae2309ba3747e07791428c62e9e0ded1750e
  • SHA512: 8aad983cb7b0685dfe9973bcdf1798f15ea2aa62dcfa7cef4df4af16454cc8d236d2fc312cac7e5b800f163ec781d2e6485e67b7415c09533fde09d002694666

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • Botnet: Default

C2


Mutex: AsyncMutex_6SI8OkPnk

Attributes
  • delay: 3
  • install: false
  • install_file: word.exe
  • install_folder: %AppData%

aes.plain

Targets

    • Target: doc.exe
    • Size: 483KB
    • MD5: 5290763d68b81f1301717a3aafda9d69
    • SHA1: d2c437a9030674b37f9e80e19d583f2edee8d70a
    • SHA256: 1cd2c7b23c2504dc1e5a6fc7feb56402abd74c58075ef700b1316b83f6d2f0d4
    • SHA512: 4d6b3dc514af2ca074bd4836da126523d8b63e2c4495a9ead00b0c31365067c7d9365ae80ba71fe49ba78a9b2cf6e925695bf4ad79dcfc0cba4702b13b4ccaaa

    Score: 10/10

    • AsyncRat
      AsyncRAT is designed to remotely monitor and control other computers.
    • Async RAT payload
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053
  • Persistence: Scheduled Task (1) T1053
  • Privilege Escalation: Scheduled Task (1) T1053
  • Discovery: Query Registry (1) T1012; System Information Discovery (2) T1082
