Overview

overview

10

Static

static

cb714a8855...d1.exe

windows7-x64

10

cb714a8855...d1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1

  • Size

    312KB

  • Sample

    221129-kft7race35

  • MD5

    e807896c804f70ab207bc75bf293d9bb

  • SHA1

    d16108b1bc2d3e936f8f30ae897d38c1a4cdaf1e

  • SHA256

    cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1

  • SHA512

    0c7e370978fd1aa12f7f1ae5d3ce0bd52aa03ce2ab81017baef830b4c8d5b47357b37e12db79747d763826f1bec2f907eac5eaf3281a2b3274c0f2e15bd96651

  • SSDEEP

    6144:G9In5IRkTy7AfhhNNB4qjmhKV6oWfoSEtu1itWpNSn40X8tgrsu5:tiRkrJhNNBFjmsh2oSsWpNRLu5

Score
10/10
asyncratdefaultpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

mnbvclhg.duckdns.org:8026

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1

    • Size

      312KB

    • MD5

      e807896c804f70ab207bc75bf293d9bb

    • SHA1

      d16108b1bc2d3e936f8f30ae897d38c1a4cdaf1e

    • SHA256

      cb714a88554c55d7bf123dd8ba8940afe819e9eaaf18fc8a6e2cc404f7af0cd1

    • SHA512

      0c7e370978fd1aa12f7f1ae5d3ce0bd52aa03ce2ab81017baef830b4c8d5b47357b37e12db79747d763826f1bec2f907eac5eaf3281a2b3274c0f2e15bd96651

    • SSDEEP

      6144:G9In5IRkTy7AfhhNNB4qjmhKV6oWfoSEtu1itWpNSn40X8tgrsu5:tiRkrJhNNBFjmsh2oSsWpNRLu5

    Score
    10/10
    asyncratdefaultpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks