Overview

overview

10

Static

static

IMG-283658...32.exe

windows7-x64

10

IMG-283658...32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG-2836587370235962 CONFIRMACION IMPORTANTE SEPTIEMBRE 28 DEL 2022 PAGO CONFIRMADO 28735632.exe

  • Size

    682KB

  • Sample

    220929-gas6qaahhp

  • MD5

    676c0dc4accfc58d7cedfe9b544c456e

  • SHA1

    63a8829f1df9810a060d250c97e45de907b7271d

  • SHA256

    d324b32996fd470c9ea052d89204013de0d4abca7f8361dbda963a3e3d0823ab

  • SHA512

    79ac14bf0956948f2809f00520cc704e0e71a285fda76d282b80089fd78fe9596ee17ac0ce7012e6c871f1e0458b7ded42afc78958b5a714f97c41b54ad342ed

  • SSDEEP

    12288:MYgJiMPWUb118Pu34lE8ySdGuf1Ogxd9o7ydCOnPjojKjyTzL9r8Y9HH+1bX9r:hgJiqWU5Sm34i8ySdGutLLRC+PjoEyn8

Score
10/10
asyncratdefaultpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

danielmaestrelora09.duckdns.org:1994

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      IMG-2836587370235962 CONFIRMACION IMPORTANTE SEPTIEMBRE 28 DEL 2022 PAGO CONFIRMADO 28735632.exe

    • Size

      682KB

    • MD5

      676c0dc4accfc58d7cedfe9b544c456e

    • SHA1

      63a8829f1df9810a060d250c97e45de907b7271d

    • SHA256

      d324b32996fd470c9ea052d89204013de0d4abca7f8361dbda963a3e3d0823ab

    • SHA512

      79ac14bf0956948f2809f00520cc704e0e71a285fda76d282b80089fd78fe9596ee17ac0ce7012e6c871f1e0458b7ded42afc78958b5a714f97c41b54ad342ed

    • SSDEEP

      12288:MYgJiMPWUb118Pu34lE8ySdGuf1Ogxd9o7ydCOnPjojKjyTzL9r8Y9HH+1bX9r:hgJiqWU5Sm34i8ySdGutLLRC+PjoEyn8

    Score
    10/10
    asyncratdefaultpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks