General

  • Target

    8026666183.zip

  • Size

    1.4MB

  • Sample

    220928-ssqdbsgcf9

  • MD5

    39b587a9dae60cbc862f35c71d6a6fda

  • SHA1

    55f975f00acfb9fd6b484a1ab7ff30879fc9ca21

  • SHA256

    5c43677f344e5f1bfaf29aeba0e69a020eef92b8555d6637f74de0e404a640f2

  • SHA512

    c503f4bffae95f5acc1a2beeaa19d57f47af20d18f37ec8d05361bc4e30cf690d4400c7d13d4126b36c96614cfe3c0f8b7bc642fc4b093bbeb6a355ff98de88c

  • SSDEEP

    24576:dZrveRC5R5kq0imLHbIP00m1E9s2IMhIo+8osq5Og+wZd4P2wo:dcR45Jpmjbkt9MonmcglW2t

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

190.123.44.184:8012

190.123.44.184:8201

190.123.44.184:3321

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
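The three C2 endpoints above all sit on one host and differ only by port. The AsyncRAT client picks from its configured host and port lists on each (re)connection attempt, so a detection keyed on the single port seen in one run misses the others. The following script is an added example, not part of the sandbox report or of AsyncRAT: it matches constructed Zeek conn.log-style records against the extracted endpoints, groups hits by infected host so the port fallback is visible, and emits one Suricata rule per endpoint. The log lines, the `sid` base and the field layout are constructed for illustration.

```python
"""Match network telemetry against the C2 endpoints extracted from the AsyncRAT config above.

Added example for this report; the log records and rule SIDs are constructed, not observed.
"""
from collections import defaultdict

# C2 endpoints copied from the Malware Config section of the report.
C2_ENDPOINTS = {
    ("190.123.44.184", 8012),
    ("190.123.44.184", 8201),
    ("190.123.44.184", 3321),
}
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}

# Constructed Zeek conn.log-style records (tab separated); not from the sandbox run.
# Columns: ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = (
    "1664400000.1\tCa1\t10.0.0.5\t49712\t190.123.44.184\t8012\ttcp\n"
    "1664400003.4\tCa2\t10.0.0.5\t49713\t190.123.44.184\t8201\ttcp\n"
    "1664400010.0\tCa3\t10.0.0.7\t51000\t93.184.216.34\t443\ttcp\n"
    "1664400012.9\tCa4\t10.0.0.5\t49720\t190.123.44.184\t3321\ttcp\n"
    "1664400020.2\tCa5\t10.0.0.9\t53222\t190.123.44.184\t443\ttcp\n"
    "malformed line without the expected columns\n"
)

FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")


def parse_conn_line(line):
    """Return a dict for a well-formed record, or None for a malformed one."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["orig_p"] = int(rec["orig_p"])
        rec["resp_p"] = int(rec["resp_p"])
    except ValueError:
        return None
    return rec


def classify(rec):
    """'c2_endpoint' for an exact host:port hit, 'c2_host' for the C2 host on another port, else None."""
    if (rec["resp_h"], rec["resp_p"]) in C2_ENDPOINTS:
        return "c2_endpoint"
    if rec["resp_h"] in C2_HOSTS:
        return "c2_host"
    return None


def scan_conn_log(text):
    """Return (uid, orig_h, resp_h, resp_p, verdict) for every record that touches the C2 host."""
    hits = []
    for line in text.splitlines():
        rec = parse_conn_line(line)
        if rec is None:
            continue
        verdict = classify(rec)
        if verdict:
            hits.append((rec["uid"], rec["orig_h"], rec["resp_h"], rec["resp_p"], verdict))
    return hits


def ports_per_source(hits):
    """Group exact C2 hits by source host, exposing the client's rotation across configured ports."""
    grouped = defaultdict(set)
    for _uid, orig_h, _resp_h, resp_p, verdict in hits:
        if verdict == "c2_endpoint":
            grouped[orig_h].add(resp_p)
    return dict(grouped)


def suricata_rules(sid_base=9000001):
    """Emit one Suricata rule per extracted endpoint; sid_base is a placeholder for a local SID range."""
    rules = []
    for i, (host, port) in enumerate(sorted(C2_ENDPOINTS)):
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"AsyncRAT C2 {host}:{port}"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    found = scan_conn_log(SAMPLE_CONN_LOG)
    for hit in found:
        print(hit)
    print(ports_per_source(found))
    print("\n".join(suricata_rules()))
```

The `c2_host` verdict deliberately fires on the C2 address at a port not in the config (443 in the constructed data): a rebuilt client can be shipped with a different port list, so the host is the stronger indicator than any single port. Rule SIDs must be adjusted to a range your sensor does not already use.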

Targets

    • Target

      47999d24a62260aceac07d042e065e8000173124ca9b8d13ac2516338b5cd282

    • Size

      1.5MB

    • MD5

      26454b46bef46b885e8477922d3d08d4

    • SHA1

      add2c041f12ce35e621dd3e162a61a7196eee48c

    • SHA256

      47999d24a62260aceac07d042e065e8000173124ca9b8d13ac2516338b5cd282

    • SHA512

      a9a41ccbc6b98cbfb7a0b6c2843f35fc895e6ec9556848ac4dd93e8e2a40b2079b906c2ee6fa90857cf267215cf2088c8f97828c9b3e40f80e6ad2e57d67da98

    • SSDEEP

      49152:Ag6cnCiIkofSoKkVOUUi12RK27PB6yy0E6MenVeUQu:4VdSF3i12XDB62thUUj

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                      Count  ID
Execution             Scheduled Task                 1      T1053
Persistence           Scheduled Task                 1      T1053
Privilege Escalation  Scheduled Task                 1      T1053
Discovery             Query Registry                 1      T1012
Discovery             System Information Discovery   2      T1082
Discovery             Remote System Discovery        1      T1018

Tasks