Overview

overview

10

Static

static

79804cfea2...1b.exe

windows7-x64

10

79804cfea2...1b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79804cfea2659a8842450efceb06360b6cf5712d6e7685cb0244ab01d2ffd41b

  • Size

    73KB

  • Sample

    221130-wfdqjsca36

  • MD5

    10482931f17f3be85f40317d11e58018

  • SHA1

    34a80a5d490c6d0bdc78e8f391557ca08683bb51

  • SHA256

    79804cfea2659a8842450efceb06360b6cf5712d6e7685cb0244ab01d2ffd41b

  • SHA512

    32518611ed1ed3a627be57a6cf92b9fed5c5c955d39335c630cdbede72134ec601ac9ad075b1de3598a8ccc7f74a27b9bc2b8ad95093cf180e21225db8161263

  • SSDEEP

    1536:5SS/pmHEC0fEG7MNViGozuJZOiEnJuNCIzZpZ:5RpPC0fEG7uiGoCJYi+Jcpzt

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

minecraftmods.myftp.biz:7119

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Server.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      79804cfea2659a8842450efceb06360b6cf5712d6e7685cb0244ab01d2ffd41b

    • Size

      73KB

    • MD5

      10482931f17f3be85f40317d11e58018

    • SHA1

      34a80a5d490c6d0bdc78e8f391557ca08683bb51

    • SHA256

      79804cfea2659a8842450efceb06360b6cf5712d6e7685cb0244ab01d2ffd41b

    • SHA512

      32518611ed1ed3a627be57a6cf92b9fed5c5c955d39335c630cdbede72134ec601ac9ad075b1de3598a8ccc7f74a27b9bc2b8ad95093cf180e21225db8161263

    • SSDEEP

      1536:5SS/pmHEC0fEG7MNViGozuJZOiEnJuNCIzZpZ:5RpPC0fEG7uiGoCJYi+Jcpzt

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks