Overview

overview

10

Static

static

a.exe

windows7-x64

10

a.exe

windows10-2004-x64

1

b.ps1

windows7-x64

10

b.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2X.7z

  • Size

    622KB

  • Sample

    221203-kyw43ahf78

  • MD5

    881b284af7be463696242c9035252162

  • SHA1

    ed5638797838d5725b2c38c05c7a6e6993924d8f

  • SHA256

    bb18c7b410172561a4b61af74bab2db4e2120e8c15a28feb676188bac3747d44

  • SHA512

    6df04a2942c2eadc803f38d81c113ee7bd3ac91ecac0f4003149b79a03e157f11801fbd6b297bd5f6df70a42081b24618b893a21b139056bcdf24dc4532f448e

  • SSDEEP

    12288:QpZIeFscl8RuPtK/t9m9br3n7TNl/d7vZ9nJDVSNsNmFN4:QIIstYX/T3DVSN+m0

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

XieBroRAT-1.7

Botnet

Default

C2

127.0.0.1:8880

8079048a.e2.luyouxia.net:8880
Mutex

gorousdwoqxqqq

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      a.exe

    • Size

      1.4MB

    • MD5

      8a627782b855f06a3d6d273d11f04f46

    • SHA1

      30570c697533fc3fc7a19ad5d4bc3753f2cf1c0b

    • SHA256

      f0b7a0368fc27d98d42efd4e9c9dd2c252e5fcaaf13ffd67b3c545ec5b1c53e9

    • SHA512

      211fed71bcb75201380921a7de7bf8b88c451a5125f751be616a1775ad3c6a1d59ecc77aa997b053583c1a7d6419e4cfa8ff9bc99d50d1440bf34943d2c1a578

    • SSDEEP

      24576:xirh2DKsuoIj4G6KFined4e5+MRicaRT4D2aKpq9ZEjrTnFOyzhyz:Ir0DfFpG6S68+KaRTWNKpEEfTnF

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      b.ps1

    • Size

      310KB

    • MD5

      220e9238b05cb802d63f7d79d11b2a32

    • SHA1

      77324ddee92b5ee1c2d50680ea15dd6e28ef402b

    • SHA256

      248d8893d926c765d168bd48211650094dbcf8a8988c448f3b271c41bec8ca9d

    • SHA512

      748f9149ceaa46789938d66a87dad5c92a9beea65a7c84c07fa42378fdee70b1340d777fcfc78efcd85254660fd4a858fe10bd83464564cde7b12c01ebbcdb7a

    • SSDEEP

      6144:bgkc0c/OjocmHEk4Oz7XzoUdd9qkcM1E1nvwmtPEeJDCiRO9jEYMJD:bgkc0c/OjocmH5XXEUdd97t2Vvwm1Ee3

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks