Overview

overview

10

Static

static

9eb3067296...1e.exe

windows7-x64

10

9eb3067296...1e.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9eb30672961f46f8d28675af6a07dfdd3e07c2ce955ec0f135ead8475195b61e.exe

  • Size

    1.3MB

  • Sample

    221202-3lfknahg9x

  • MD5

    1a9f14de010f2c090d00b96aedf324d0

  • SHA1

    9adba3d0a2364f3c620c0f81a34963ed7c6834fe

  • SHA256

    9eb30672961f46f8d28675af6a07dfdd3e07c2ce955ec0f135ead8475195b61e

  • SHA512

    f57220a84f920c546b9cbb71a0055dd295ea3fb03994cccc30927c8640c55797ded4e5008e16699a6eb2521d6be4bc36117e3a2bab59436f9c597a3e457624e0

  • SSDEEP

    6144:PZMFMoMkKpwEZofkObAUQyo9tkLnncEU8tETO8u4qNlQf9HjmaDvTK0lMONbOVrS:vhT3FRTKBO6upHPijWdT

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

seznam.zapto.org:6606

seznam.zapto.org:7707

seznam.zapto.org:8808

millaa.publicvm.com:6606

millaa.publicvm.com:7707

millaa.publicvm.com:8808
Mutex

egleynudkbe

Attributes
  • delay

    6

  • install

    true

  • install_file

    microsefto.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      9eb30672961f46f8d28675af6a07dfdd3e07c2ce955ec0f135ead8475195b61e.exe

    • Size

      1.3MB

    • MD5

      1a9f14de010f2c090d00b96aedf324d0

    • SHA1

      9adba3d0a2364f3c620c0f81a34963ed7c6834fe

    • SHA256

      9eb30672961f46f8d28675af6a07dfdd3e07c2ce955ec0f135ead8475195b61e

    • SHA512

      f57220a84f920c546b9cbb71a0055dd295ea3fb03994cccc30927c8640c55797ded4e5008e16699a6eb2521d6be4bc36117e3a2bab59436f9c597a3e457624e0

    • SSDEEP

      6144:PZMFMoMkKpwEZofkObAUQyo9tkLnncEU8tETO8u4qNlQf9HjmaDvTK0lMONbOVrS:vhT3FRTKBO6upHPijWdT

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks