Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    124KB

  • Sample

    221030-n34lgsafap

  • MD5

    5284960dae2439c297f945715ae10c36

  • SHA1

    b4be5b314fe573fb14d6074ba795ddd8fb78d944

  • SHA256

    accc29c7af47c1a42e7646a93b347f73fbb14a7a20177f3aad80ab26f4c819f4

  • SHA512

    a6259cc4b121d4b918490de6f6dcbaa9740f67174dadeef0965b8ba53fd196d2332a0b5d4fcf00d2da62b1e7ef095fb5b2d5dc57aecad6a3f2681475177dd3e6

  • SSDEEP

    3072:CuwGToVS2YFWt4bQa4tqsU1FJ+yC3pwRb6JPqB604Hgy7hRCd39vie:Cuw/fVt4bjCVJyB60OgyLC7vr

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

kadumello.ddns.net:1194

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    wermgr64.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      tmp

    • Size

      124KB

    • MD5

      5284960dae2439c297f945715ae10c36

    • SHA1

      b4be5b314fe573fb14d6074ba795ddd8fb78d944

    • SHA256

      accc29c7af47c1a42e7646a93b347f73fbb14a7a20177f3aad80ab26f4c819f4

    • SHA512

      a6259cc4b121d4b918490de6f6dcbaa9740f67174dadeef0965b8ba53fd196d2332a0b5d4fcf00d2da62b1e7ef095fb5b2d5dc57aecad6a3f2681475177dd3e6

    • SSDEEP

      3072:CuwGToVS2YFWt4bQa4tqsU1FJ+yC3pwRb6JPqB604Hgy7hRCd39vie:Cuw/fVt4bjCVJyB60OgyLC7vr

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks