Overview

overview

10

Static

static

CC0DDA6446...58.exe

windows7-x64

10

CC0DDA6446...58.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CC0DDA64461CFC4A81291CAB7FBF1B5FB60E288D5A558.exe

  • Size

    469KB

  • Sample

    220928-2tdklaadbk

  • MD5

    e8c534e58ab2b4959830d1f7e695e133

  • SHA1

    01085c7b92329a6fa6995fdc1569a37218cd024b

  • SHA256

    cc0dda64461cfc4a81291cab7fbf1b5fb60e288d5a5587108fb8f2f9381fdf7f

  • SHA512

    94dbacca6a7fd1e14dd2327fab0a4f4e4e2f2f713a40adc1ad11549c134af3c57126786eef9474b3410e5a11360037dc175624289221601098fe74552a5c18ba

  • SSDEEP

    6144:m7IaUaM8HGFHp1fQNXAsZRzK4+rLL447qvOeB6f8vkPclAMDkM7pPOQMLeX5e98F:mv6f8cPw9IWmlLh6bZq7t

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808
Mutex

nqjzitvqsflofawip

Attributes
  • delay

    6

  • install

    true

  • install_file

    facaboooke.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      CC0DDA64461CFC4A81291CAB7FBF1B5FB60E288D5A558.exe

    • Size

      469KB

    • MD5

      e8c534e58ab2b4959830d1f7e695e133

    • SHA1

      01085c7b92329a6fa6995fdc1569a37218cd024b

    • SHA256

      cc0dda64461cfc4a81291cab7fbf1b5fb60e288d5a5587108fb8f2f9381fdf7f

    • SHA512

      94dbacca6a7fd1e14dd2327fab0a4f4e4e2f2f713a40adc1ad11549c134af3c57126786eef9474b3410e5a11360037dc175624289221601098fe74552a5c18ba

    • SSDEEP

      6144:m7IaUaM8HGFHp1fQNXAsZRzK4+rLL447qvOeB6f8vkPclAMDkM7pPOQMLeX5e98F:mv6f8cPw9IWmlLh6bZq7t

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks