Overview

overview

10

Static

static

Purchase__Order.exe

windows7_x64

10

Purchase__Order.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5e7b198022979048735000654f0eefd356fbe2e4a084d2e5c38860c0452b4d4

  • Size

    372KB

  • Sample

    220521-xkfldabhf2

  • MD5

    a0536882a96887d395f764ca79afff69

  • SHA1

    c6512c136aec27bac81c42ee41c470f78858852b

  • SHA256

    e5e7b198022979048735000654f0eefd356fbe2e4a084d2e5c38860c0452b4d4

  • SHA512

    dcaeb879cf2ed0d464e5ab5b45c49ec9113deb8c766599c13a12213b500fb906b711db9f9e5953998c5bf945c73a37530a680bca3da6a2d2a73e009b97837d62

Score
10/10
asyncratslaves mondayrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

SLAVES MONDAY

C2

194.5.98.81:3434

Mutex

AsyncMutex_6363f86fs6fw6f

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Purchase__Order.exe

    • Size

      535KB

    • MD5

      a08f53208b0832720dc057d5b2d17e97

    • SHA1

      fe2ef8a2d445b410fa67a681285a3eab290ad295

    • SHA256

      ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899

    • SHA512

      b349117988ebb5f4f6963697cb00c1a02f18f5b5d288ba84d8429e7cb63ca145ee157d0b6c40728da2dda59611c240884c76e01252aff368fca30ceb5455f6c2

    Score
    10/10
    asyncratslaves mondayrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks