Overview

overview

10

Static

static

T00WKSAU00...02.exe

windows7-x64

10

T00WKSAU00...02.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    T00WKSAU002DHSRQW_002.exe

  • Size

    300.0MB

  • Sample

    221014-v9y3xadhgk

  • MD5

    707a86802d4275cda27b6e989b691e0a

  • SHA1

    5eb007b7e7f3ac28363329904493e443a15cdabf

  • SHA256

    0a8e413babd867a1bdbbdba1e7c56643c9e13d5d26a6d803c7846f2af201936c

  • SHA512

    511a407bedd29e7b69d03a031d16a1f0d46e2ce789065bfc427ef296e3c090d2cf2d5d1757533b5c70d3935f2baf1686b1618df11548f1ea7478d8ede88edb60

  • SSDEEP

    3072:rvOIfhz+4a0+9bdRvixoww6r50iis79KfTYVY:hA10+9HvQ15Fjod

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

thoe409.duckdns.org:6739

thoe409.duckdns.org:7301

thoe409.duckdns.org:7808

thoe409.duckdns.org:8333

thoe409.duckdns.org:6112

thoe409.duckdns.org:7553

thoe409.duckdns.org:6443
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      T00WKSAU002DHSRQW_002.exe

    • Size

      300.0MB

    • MD5

      707a86802d4275cda27b6e989b691e0a

    • SHA1

      5eb007b7e7f3ac28363329904493e443a15cdabf

    • SHA256

      0a8e413babd867a1bdbbdba1e7c56643c9e13d5d26a6d803c7846f2af201936c

    • SHA512

      511a407bedd29e7b69d03a031d16a1f0d46e2ce789065bfc427ef296e3c090d2cf2d5d1757533b5c70d3935f2baf1686b1618df11548f1ea7478d8ede88edb60

    • SSDEEP

      3072:rvOIfhz+4a0+9bdRvixoww6r50iis79KfTYVY:hA10+9HvQ15Fjod

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks