Overview

overview

10

Static

static

PO1807200020_XLS.scr

windows7_x64

10

PO1807200020_XLS.scr

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96ed613ad847a5a835426e8d4da7aa674f504435c953c0414af100a870b2773a

  • Size

    179KB

  • Sample

    220521-phrlvsfda8

  • MD5

    ab55effc282008837ac08a3665c2200d

  • SHA1

    9fe95ea62f8cbb42a64518efbbdc65969201193c

  • SHA256

    96ed613ad847a5a835426e8d4da7aa674f504435c953c0414af100a870b2773a

  • SHA512

    12dd16e0fcb2b9fee5b4d2dd0be990aa8960796b4d3e1e621d93cc9b7b385b801c1b3b655c790f04435374c6ed3f35322cc0e50e5f9d6157cd8fa2799bf87ff3

Score
10/10
asyncrat5persistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

Botnet

5

C2

62.102.148.158:62727

82.102.28.107:62727
Mutex

xfndfpqfqzwft

Attributes
  • delay

    0

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PO1807200020_XLS.scr

    • Size

      271KB

    • MD5

      981ee0bdf8ccd8ecaba13eefa6c58fb9

    • SHA1

      a70e9310bf6bd033710321e1dfe77d3377237c36

    • SHA256

      b05af3b65673a21e658075117c050ce9ebdf47634b64e354a6abf241fc8e8a9e

    • SHA512

      ec52f6bd62bbf21de8be391cd2a16ffee274ed5462d5bf23c15d7eea0f535f5741389a15fed9e0ac1feb3c317120a02afd8527ce5493591c54edd4340654686d

    Score
    10/10
    asyncrat5persistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks