General

  • Target

    1590B1512142D6C974828FC11958A9A5FFDB6673A584B.exe

  • Size

    309KB

  • Sample

    221004-yd4v3acedr

  • MD5

    f4e3415d68ba7564f1400b74e4d7e22b

  • SHA1

    a4a3b80c28db771c0b15c543daa56a229467fdf3

  • SHA256

    1590b1512142d6c974828fc11958a9a5ffdb6673a584b15fda7f93768f639a54

  • SHA512

    8c1a0d8db17301bdc6e2e3c16f953c1fd69ba76e887c797d64eb952155dc204a11b8f04181207cae7723aebddf638031e96225131a2006d07c43eb0555f207d7

  • SSDEEP

    6144:h8u3J4+CQ6otk3BPuzoqANdyl6/5rLlj/T+/1aoaorg9v4EqP4EXPav0XXXXX3hM:0K1aoaCgR4HP4KPHXXXXX3hXXXXXX3Xs

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

urulyqqdpunjfhquxdy

Attributes
  • delay

    8

  • install

    true

  • install_file

    folders.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053) ×1

  • Persistence: Scheduled Task (T1053) ×1

  • Privilege Escalation: Scheduled Task (T1053) ×1

  • Discovery: Query Registry (T1012) ×1; System Information Discovery (T1082) ×2
