General

  • Target

    OFFICIAL_COMPLAINT.pdf.exe

  • Size

    708KB

  • Sample

    220922-a87y7schhr

  • MD5

    6e13925c2fc058894e280d6242e4213f

  • SHA1

    f1136ed727f0d08be42a8db1a8644c359313d835

  • SHA256

    51b5dde2fc847c795bb2c2c797d2ac860ffcb4814b1746000505d3b0bb03c7c2

  • SHA512

    f0884b6433fe95d278f166391f864b31984b6e39b4b4ebe414426852cbc6f3a0eb5802f44576904f76a28258ceee8dc8238c4865b896c3d7acaf936a77710931

  • SSDEEP

    6144:iTFnJNA/j3y3gfih0m+3no6/PNLfVnwHrtDysnbi4RF3LPx/0fYy8zZk76QeY+gn:CFnvskHrtppF3LPc8zeb61+qeeIu

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

20/09/2022

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

niiarmah.kozow.com:6606

niiarmah.kozow.com:7707

niiarmah.kozow.com:8808

Mutex

Updates_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      OFFICIAL_COMPLAINT.pdf.exe
    Score
    10/10

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks