General

  • Target

    5c5c5bc4ca2e0155fd16336a31d07217e9e14e408ac20a08449b1695749c89c4

  • Size

    1.2MB

  • Sample

    220701-r9hjdahaar

  • MD5

    72f6c1e85777bb08a7e7e894a30fef28

  • SHA1

    6d2b269adb2b4ebc2d103db528187f2a69696ca8

  • SHA256

    5c5c5bc4ca2e0155fd16336a31d07217e9e14e408ac20a08449b1695749c89c4

  • SHA512

    07e0ad4294ef66fa8df9248b4e3ab6ef9bdc49658a29ad9cba80fdf3220410e1c50acfd078e8cf0054ac1d30ca1b74f4a22fa18b1f804d83b43459230dfb7617

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6B

C2

winx.xcapdatap.capetown:6204

Mutex

hmbjrgljbnj

Attributes

  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PURCHASE.EXE

    • Size

      201KB

    • MD5

      aa52fd0aa99adfc2583c41bd67b51b7d

    • SHA1

      661a6a80a85d7b0e18e143b6b4909d347d2d438d

    • SHA256

      87f439c9aa08113e367a322741a35e2c656a88e9d85e9dacdaf5157ada76f205

    • SHA512

      d24c1fa34934f989cc644b68522932380fa1957ff3213b1b352c6de9684453eceec0d5f6f1ef98321cf581659b80feb9755298761c32a07b4d8820aa19f78f3a

    Score

    10/10

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks