General

  • Target

    a2488b9d02c16c8f4227e7657d066c47.exe

  • Size

    76KB

  • Sample

    221004-ktv17sadb4

  • MD5

    a2488b9d02c16c8f4227e7657d066c47

  • SHA1

    de1a49fc402e04109f1549846c542cb0aa483371

  • SHA256

    c96718e4f79dbc5e868f55720c77af071011de9b7dbd239243cc8a8604235822

  • SHA512

    2771ae5cc4b024750c76528cf5a678af44d56950663a859a36aaa5d0bedacd39a65a7a1e10197511a5b0ae7cd803ddfc0f8d18956b418b2a6eb4f20a0829713c

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

drax

C2

azazws6606.linkpc.net:6606

Attributes
delay
3
install
false
install_folder
%AppData%
aes.plain

Targets

    • Target

      a2488b9d02c16c8f4227e7657d066c47.exe

    • Size

      76KB

    • MD5

      a2488b9d02c16c8f4227e7657d066c47

    • SHA1

      de1a49fc402e04109f1549846c542cb0aa483371

    • SHA256

      c96718e4f79dbc5e868f55720c77af071011de9b7dbd239243cc8a8604235822

    • SHA512

      2771ae5cc4b024750c76528cf5a678af44d56950663a859a36aaa5d0bedacd39a65a7a1e10197511a5b0ae7cd803ddfc0f8d18956b418b2a6eb4f20a0829713c

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation