Overview

overview

10

Static

static

4abb165af5...a5.exe

windows7-x64

10

4abb165af5...a5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4abb165af5ad51597cc16b28ef97eca5.exe

  • Size

    585KB

  • Sample

    221014-e5dcmsgdam

  • MD5

    4abb165af5ad51597cc16b28ef97eca5

  • SHA1

    23a84b004ceffa09452139bd58b21a9d73450850

  • SHA256

    df95a91a118bfa7350b166825dce79c425b2b0e4bead92fc294bd2500d614bf3

  • SHA512

    06257d9c6cb09209a964ecaec3fea40e4c12c9b0f0fb29fd87c4dbf7a8e4ba55f71848ca917bc5b2854c374797c71f4c65812064968e657e7f5e1b222fbd290e

  • SSDEEP

    12288:139riVwf3iJ+HN3TFIja5R53bD5G/xXy0aiXiRsBivc+A57Fd1d93rdqz1D2YSTz:1Nriy/fTFIj9cVELd

Score
10/10
asyncratxmrigminerratupx

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

dgorijan20785.hopto.org:6606

dgorijan20785.hopto.org:7707

dgorijan20785.hopto.org:8808
Mutex

servtle28477

Attributes
  • delay

    5

  • install

    false

  • install_file

    wintskl.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      4abb165af5ad51597cc16b28ef97eca5.exe

    • Size

      585KB

    • MD5

      4abb165af5ad51597cc16b28ef97eca5

    • SHA1

      23a84b004ceffa09452139bd58b21a9d73450850

    • SHA256

      df95a91a118bfa7350b166825dce79c425b2b0e4bead92fc294bd2500d614bf3

    • SHA512

      06257d9c6cb09209a964ecaec3fea40e4c12c9b0f0fb29fd87c4dbf7a8e4ba55f71848ca917bc5b2854c374797c71f4c65812064968e657e7f5e1b222fbd290e

    • SSDEEP

      12288:139riVwf3iJ+HN3TFIja5R53bD5G/xXy0aiXiRsBivc+A57Fd1d93rdqz1D2YSTz:1Nriy/fTFIj9cVELd

    Score
    10/10
    asyncratxmrigminerratupx

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Async RAT payload

      rat

    • XMRig Miner payload

      miner

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks