Overview

overview

10

Static

static

762c259cf0...8e.exe

windows7_x64

10

762c259cf0...8e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    762c259cf0068e583cc70d8839c65bb87401de2f926f8306c66d83e7d7cfda8e

  • Size

    239KB

  • Sample

    220701-r46c9agffn

  • MD5

    f3e095480b743b91e227a56dc90f961f

  • SHA1

    c173a87c984a20bf5e3751351e144a62de4ae269

  • SHA256

    762c259cf0068e583cc70d8839c65bb87401de2f926f8306c66d83e7d7cfda8e

  • SHA512

    d7fb57e80d720221aeb1674d7aa967e3c87b334f13c76c26e81d22cc0877d4921deffe37670093de83ebcbf488cdf654eadd12ce9cbd97517068621ec3a15de0

Score
10/10
asyncratpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

soft.tjsosda.com:1989

sure.spdns.de:1989

hurricane.rapiddns.ru:1989
Mutex

admin2214

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      762c259cf0068e583cc70d8839c65bb87401de2f926f8306c66d83e7d7cfda8e

    • Size

      239KB

    • MD5

      f3e095480b743b91e227a56dc90f961f

    • SHA1

      c173a87c984a20bf5e3751351e144a62de4ae269

    • SHA256

      762c259cf0068e583cc70d8839c65bb87401de2f926f8306c66d83e7d7cfda8e

    • SHA512

      d7fb57e80d720221aeb1674d7aa967e3c87b334f13c76c26e81d22cc0877d4921deffe37670093de83ebcbf488cdf654eadd12ce9cbd97517068621ec3a15de0

    Score
    10/10
    asyncratpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks