Malware sandboxing report by Hatching Triage

General

Target

e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
Size

22KB
Sample

221205-ybat7scf8z
MD5

06fb7cb5cffd57be6f12123ec580c3a1
SHA1

c90f12ae2750e6ddda21a9872aca52d39c36af1f
SHA256

9417ab864a13ed59912fa5aa340d29c86e8a8552e946174a1ca72cf79846c796
SHA512

6a71f9db208c017d8c3dd554a5051c02fab12e593ea97b55bb477d214ffa2307070bd4d558f97424e04c2a0fb6773c3883fd3020d5779d5e69cbd36c57e7e03b
SSDEEP

384:2vX0gbU/cL3K/k699hh5uGX9k/kTXcuLe0HzUvA6K0SUa975ah+q8QCZ3DmSj:2vE66Tw29lIuLdHzUY6oUa975ahd8QCn

Score

10^/10

Malware Config

Extracted

Family	asyncrat
Version	0.5.7B
Botnet	Default
C2	127.0.0.1:6606 127.0.0.1:7707 127.0.0.1:8808 127.0.0.1:51115 127.0.0.1:26993 127.0.0.1:19624 127.0.0.1:12336 127.0.0.1:18867 185.246.220.26:6606 185.246.220.26:7707 185.246.220.26:8808 185.246.220.26:51115 185.246.220.26:26993 185.246.220.26:19624 185.246.220.26:12336 185.246.220.26:18867 5.tcp.ngrok.io:6606 5.tcp.ngrok.io:7707 5.tcp.ngrok.io:8808 5.tcp.ngrok.io:51115 5.tcp.ngrok.io:26993 5.tcp.ngrok.io:19624 5.tcp.ngrok.io:12336 5.tcp.ngrok.io:18867 disownnet.duckdns.org:6606 disownnet.duckdns.org:7707 disownnet.duckdns.org:8808 disownnet.duckdns.org:51115 disownnet.duckdns.org:26993 disownnet.duckdns.org:19624 disownnet.duckdns.org:12336 disownnet.duckdns.org:18867 7.tcp.eu.ngrok.io:6606 7.tcp.eu.ngrok.io:7707 7.tcp.eu.ngrok.io:8808 7.tcp.eu.ngrok.io:51115 7.tcp.eu.ngrok.io:26993 7.tcp.eu.ngrok.io:19624 7.tcp.eu.ngrok.io:12336 7.tcp.eu.ngrok.io:18867 6.tcp.eu.ngrok.io::6606 6.tcp.eu.ngrok.io::7707 6.tcp.eu.ngrok.io::8808 6.tcp.eu.ngrok.io::51115 6.tcp.eu.ngrok.io::26993 6.tcp.eu.ngrok.io::19624 6.tcp.eu.ngrok.io::12336 6.tcp.eu.ngrok.io::18867 0.tcp.eu.ngrok.io:6606 0.tcp.eu.ngrok.io:7707 0.tcp.eu.ngrok.io:8808 0.tcp.eu.ngrok.io:51115 0.tcp.eu.ngrok.io:26993 0.tcp.eu.ngrok.io:19624 0.tcp.eu.ngrok.io:12336 0.tcp.eu.ngrok.io:18867 127.0.0.1:6606 127.0.0.1:7707 127.0.0.1:8808 127.0.0.1:51115 127.0.0.1:26993 127.0.0.1:19624 127.0.0.1:12336 127.0.0.1:18867 185.246.220.26:6606 185.246.220.26:7707 185.246.220.26:8808 185.246.220.26:51115 185.246.220.26:26993 185.246.220.26:19624 185.246.220.26:12336 185.246.220.26:18867 5.tcp.ngrok.io:6606 5.tcp.ngrok.io:7707 5.tcp.ngrok.io:8808 5.tcp.ngrok.io:51115 5.tcp.ngrok.io:26993 5.tcp.ngrok.io:19624 5.tcp.ngrok.io:12336 5.tcp.ngrok.io:18867 disownnet.duckdns.org:6606 disownnet.duckdns.org:7707 disownnet.duckdns.org:8808 disownnet.duckdns.org:51115 disownnet.duckdns.org:26993 disownnet.duckdns.org:19624 disownnet.duckdns.org:12336 disownnet.duckdns.org:18867 7.tcp.eu.ngrok.io:6606 7.tcp.eu.ngrok.io:7707 7.tcp.eu.ngrok.io:8808 7.tcp.eu.ngrok.io:51115 7.tcp.eu.ngrok.io:26993 7.tcp.eu.ngrok.io:19624 7.tcp.eu.ngrok.io:12336 7.tcp.eu.ngrok.io:18867 6.tcp.eu.ngrok.io::6606 6.tcp.eu.ngrok.io::7707 6.tcp.eu.ngrok.io::8808 6.tcp.eu.ngrok.io::51115 6.tcp.eu.ngrok.io::26993 6.tcp.eu.ngrok.io::19624 6.tcp.eu.ngrok.io::12336 6.tcp.eu.ngrok.io::18867 0.tcp.eu.ngrok.io:6606 0.tcp.eu.ngrok.io:7707 0.tcp.eu.ngrok.io:8808 0.tcp.eu.ngrok.io:51115 0.tcp.eu.ngrok.io:26993 0.tcp.eu.ngrok.io:19624 0.tcp.eu.ngrok.io:12336 0.tcp.eu.ngrok.io:18867
Attributes	delay 3 install false install_file services.exe install_folder %AppData%
aes.plain

Targets

- Target
  
  e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
- Size
  
  45KB
- MD5
  
  0cc7f8e51472da44590a6c5d75c79fab
- SHA1
  
  8ed33016c219fed6d4c77472f7a51aea62aaf739
- SHA256
  
  e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd
- SHA512
  
  37c7799f1bfbd8e66e7e89afc9c4dd8e578eaf18ce5104b0386f75081f4cb8ab485750544155f27d2d22ceb36a0613545d02256de377bddc1e1dde58e2194837
- SSDEEP
  
  768:2uJtpTP3tcsWUOSmqmo2qV6KjGKG6PIyzjbFgX3i8qmuE9w+BDZIx:2uJtpTPdb2FKYDy3bCXSLmR9HdIx
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

AsyncRat

Async RAT payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2