General

  • Target

    f559c085934e6e7d98e6d520684196eb.exe

  • Size

    45KB

  • Sample

    221205-wa5xvaef7z

  • MD5

    f559c085934e6e7d98e6d520684196eb

  • SHA1

    3a829e2faeaa5a48556770cc159a4e291a91a9c3

  • SHA256

    198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e

  • SHA512

    7451ae89f1df93613069ea4056d9f23b1d8c71636487ee888b39e7887181b03c2f7183673468ead5fec2d0c50396b6545a623e6627a88f0268a68bab47d67f79

  • SSDEEP

    768:SubrdT5UohzWUfpdBmo2qV6KjGKG6PIyzjbFgX3iUqaPkMapBDZHx:SubrdT5Pf2FKYDy3bCXSUqQE3dHx

  • Score

    10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:51115

127.0.0.1:26993

127.0.0.1:19624

185.246.220.26:6606

185.246.220.26:7707

185.246.220.26:8808

185.246.220.26:51115

185.246.220.26:26993

185.246.220.26:19624

5.tcp.ngrok.io:6606

5.tcp.ngrok.io:7707

5.tcp.ngrok.io:8808

5.tcp.ngrok.io:51115

5.tcp.ngrok.io:26993

5.tcp.ngrok.io:19624

disownnet.duckdns.org:6606

disownnet.duckdns.org:7707

Attributes

  • delay

    3

  • install

    false

  • install_file

    services.exe

  • install_folder

    %AppData%

  • aes.plain

Targets

    • Target

      f559c085934e6e7d98e6d520684196eb.exe

    • Size

      45KB

    • MD5

      f559c085934e6e7d98e6d520684196eb

    • SHA1

      3a829e2faeaa5a48556770cc159a4e291a91a9c3

    • SHA256

      198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e

    • SHA512

      7451ae89f1df93613069ea4056d9f23b1d8c71636487ee888b39e7887181b03c2f7183673468ead5fec2d0c50396b6545a623e6627a88f0268a68bab47d67f79

    • SSDEEP

      768:SubrdT5UohzWUfpdBmo2qV6KjGKG6PIyzjbFgX3iUqaPkMapBDZHx:SubrdT5Pf2FKYDy3bCXSUqQE3dHx

    • Score

      10/10

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

MITRE ATT&CK Matrix

    Tactic columns (no technique entries are recorded on this page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks