General

  • Target

    e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd

  • Size

    22KB

  • Sample

    221205-ybat7scf8z

  • MD5

    06fb7cb5cffd57be6f12123ec580c3a1

  • SHA1

    c90f12ae2750e6ddda21a9872aca52d39c36af1f

  • SHA256

    9417ab864a13ed59912fa5aa340d29c86e8a8552e946174a1ca72cf79846c796

  • SHA512

    6a71f9db208c017d8c3dd554a5051c02fab12e593ea97b55bb477d214ffa2307070bd4d558f97424e04c2a0fb6773c3883fd3020d5779d5e69cbd36c57e7e03b

  • SSDEEP

    384:2vX0gbU/cL3K/k699hh5uGX9k/kTXcuLe0HzUvA6K0SUa975ah+q8QCZ3DmSj:2vE66Tw29lIuLdHzUY6oUa975ahd8QCn

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:51115

127.0.0.1:26993

127.0.0.1:19624

127.0.0.1:12336

127.0.0.1:18867

185.246.220.26:6606

185.246.220.26:7707

185.246.220.26:8808

185.246.220.26:51115

185.246.220.26:26993

185.246.220.26:19624

185.246.220.26:12336

185.246.220.26:18867

5.tcp.ngrok.io:6606

5.tcp.ngrok.io:7707

5.tcp.ngrok.io:8808

5.tcp.ngrok.io:51115

Attributes
delay
3
install
false
install_file
services.exe
install_folder
%AppData%
aes.plain

Targets

    • Target

      e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd

    • Size

      45KB

    • MD5

      0cc7f8e51472da44590a6c5d75c79fab

    • SHA1

      8ed33016c219fed6d4c77472f7a51aea62aaf739

    • SHA256

      e77ea383f781353cbc8f17911ce918634025e5bd1242591eceda11c8d135c7bd

    • SHA512

      37c7799f1bfbd8e66e7e89afc9c4dd8e578eaf18ce5104b0386f75081f4cb8ab485750544155f27d2d22ceb36a0613545d02256de377bddc1e1dde58e2194837

    • SSDEEP

      768:2uJtpTP3tcsWUOSmqmo2qV6KjGKG6PIyzjbFgX3i8qmuE9w+BDZIx:2uJtpTPdb2FKYDy3bCXSLmR9HdIx

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Tasks