Overview

overview

10

Static

static

Payment Co...py.exe

windows7_x64

10

Payment Co...py.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment Confirmation Copy.exe

  • Size

    565KB

  • Sample

    220629-xmgapadgg9

  • MD5

    4e64f89d91a60220d759b92fb251fb86

  • SHA1

    b60d7ca6732723189624a3a4712796f1698f82c9

  • SHA256

    166841dc3992fa90af30558c68eb9176e7d653fc1f98078e4583e68e2c167dc0

  • SHA512

    e390b04bfa0512c14ee8f79ba6facf50a5ae7205c70d0d7b590e1382586e2c8a7f0015c12004bcc06ff82e9531cc33946fe39637a7774020d85ad99d852eaa49

Score
10/10
asyncratdefaultratsuricata

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

62.197.136.146:6606

62.197.136.146:7707

62.197.136.146:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Payment Confirmation Copy.exe

    • Size

      565KB

    • MD5

      4e64f89d91a60220d759b92fb251fb86

    • SHA1

      b60d7ca6732723189624a3a4712796f1698f82c9

    • SHA256

      166841dc3992fa90af30558c68eb9176e7d653fc1f98078e4583e68e2c167dc0

    • SHA512

      e390b04bfa0512c14ee8f79ba6facf50a5ae7205c70d0d7b590e1382586e2c8a7f0015c12004bcc06ff82e9531cc33946fe39637a7774020d85ad99d852eaa49

    Score
    10/10
    asyncratdefaultratsuricata

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks