Malware sandboxing report by Hatching Triage

General

Target

e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
Size

22KB
Sample

221205-ybat7scf8z
MD5

06fb7cb5cffd57be6f12123ec580c3a1
SHA1

c90f12ae2750e6ddda21a9872aca52d39c36af1f
SHA256

9417ab864a13ed59912fa5aa340d29c86e8a8552e946174a1ca72cf79846c796
SHA512

6a71f9db208c017d8c3dd554a5051c02fab12e593ea97b55bb477d214ffa2307070bd4d558f97424e04c2a0fb6773c3883fd3020d5779d5e69cbd36c57e7e03b
SSDEEP

384:2vX0gbU/cL3K/k699hh5uGX9k/kTXcuLe0HzUvA6K0SUa975ah+q8QCZ3DmSj:2vE66Tw29lIuLdHzUY6oUa975ahd8QCn

Score

10^/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:51115

127.0.0.1:26993

127.0.0.1:19624

127.0.0.1:12336

127.0.0.1:18867

185.246.220.26:6606

185.246.220.26:7707

185.246.220.26:8808

185.246.220.26:51115

185.246.220.26:26993

185.246.220.26:19624

185.246.220.26:12336

185.246.220.26:18867

5.tcp.ngrok.io:6606

5.tcp.ngrok.io:7707

5.tcp.ngrok.io:8808

5.tcp.ngrok.io:51115

Attributes

delay
3
install
false
install_file
services.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
- Size
  
  45KB
- MD5
  
  0cc7f8e51472da44590a6c5d75c79fab
- SHA1
  
  8ed33016c219fed6d4c77472f7a51aea62aaf739
- SHA256
  
  e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
- SHA512
  
  37c7799f1bfbd8e66e7e89afc9c4dd8e578eaf18ce5104b0386f75081f4cb8ab485750544155f27d2d22ceb36a0613545d02256de377bddc1e1dde58e2194837
- SSDEEP
  
  768:2uJtpTP3tcsWUOSmqmo2qV6KjGKG6PIyzjbFgX3i8qmuE9w+BDZIx:2uJtpTPdb2FKYDy3bCXSLmR9HdIx
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

AsyncRat

Async RAT payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2