General

  • Target

    windll32.exe

  • Size

    57KB

  • Sample

    221207-gdfd2acf81

  • MD5

    3c7f22b2aec2778946449c555b71abf9

  • SHA1

    230eb5af23d0fd72331f056e4b6bdb3d43c6671a

  • SHA256

    51db4d2c54e299ae26b3085633aa79476560f9a2f5cc4328683cdee5fb6591fe

  • SHA512

    cd1a439ba1b8e11d7203ed5cbe145245017ab8980feb08c3786ebb493b847cfab9934eb4fff3bc99f71594c05092c31fe78a6a86bfa2fa4089ee9ebd5afee85b

  • SSDEEP

    1536:8uYH9T34l26qvDm3bbXSMZyuB3ibtdXxKDHz/kP0N:8uYdT34l26QDm3bbFl2t1xKXkP0N
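
The digests above are the report's file-level indicators. The following is an added example (not code from the report or from the sandbox that produced it) that parses the report's hash layout into an IOC set and sweeps a directory for files whose content matches; the hash values are copied from the report, while the parser, the chunked hashing and the walk are this example's own. The sample itself is not included, so the demo hashes a constructed decoy file and shows that a matching file name on its own is never a hit. SSDEEP is left out on purpose: a fuzzy hash is compared by similarity score, not by equality.

```python
"""Hash-based IOC sweep built around the digests this report lists for windll32.exe.

Added example, not code from the report or from the sandbox that produced it.
The MD5/SHA1/SHA256/SHA512 values in REPORT_TEXT are copied from the report;
the parser, the hashing and the directory walk are this example's own code.
The malware sample itself is not included, so the demo below hashes a
constructed decoy file and shows that a file name alone never matches.
"""
import hashlib
import os
import re
import tempfile

# Hash lines copied from the report's General section (same bullet layout).
REPORT_TEXT = """\
  • MD5

    3c7f22b2aec2778946449c555b71abf9

  • SHA1

    230eb5af23d0fd72331f056e4b6bdb3d43c6671a

  • SHA256

    51db4d2c54e299ae26b3085633aa79476560f9a2f5cc4328683cdee5fb6591fe

  • SHA512

    cd1a439ba1b8e11d7203ed5cbe145245017ab8980feb08c3786ebb493b847cfab9934eb4fff3bc99f71594c05092c31fe78a6a86bfa2fa4089ee9ebd5afee85b

  • SSDEEP

    1536:8uYH9T34l26qvDm3bbXSMZyuB3ibtdXxKDHz/kP0N:8uYdT34l26QDm3bbFl2t1xKXkP0N
"""

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def parse_report_hashes(text):
    """Extract {algo: hexdigest} from the report's '• ALGO' / value layout.

    SSDEEP is deliberately skipped: it is a fuzzy hash and is compared by
    similarity score, not by equality, so it does not belong in this set.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    found = {}
    for label, value in zip(lines, lines[1:]):
        m = re.fullmatch(r"•\s*(MD5|SHA1|SHA256|SHA512)", label)
        if not m:
            continue
        algo = m.group(1).lower()
        value = value.lower()
        expected_len = hashlib.new(algo).digest_size * 2
        if re.fullmatch(r"[0-9a-f]+", value) and len(value) == expected_len:
            found[algo] = value
    return found


def _digest_all(chunks):
    """Feed every chunk to all four hashers in a single pass over the data."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data):
    """All four digests of an in-memory buffer."""
    return _digest_all([data])


def hash_file(path, chunk_size=1 << 20):
    """All four digests of a file, read in chunks so large files stay off the heap."""
    with open(path, "rb") as fh:
        return _digest_all(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests, iocs):
    """Algorithms on which digests equal the IOC values (empty list = no match)."""
    return sorted(algo for algo, value in iocs.items() if digests.get(algo) == value)


def sweep(root, iocs):
    """Walk root and return [(path, matched_algos)] for every file matching an IOC hash."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the sweep
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    iocs = parse_report_hashes(REPORT_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed decoy: same file name as the sample, different content.
        decoy = os.path.join(tmp, "windll32.exe")
        with open(decoy, "wb") as fh:
            fh.write(b"MZ constructed decoy, not the sample")
        print("IOC hashes:", iocs)
        print("Hits:", sweep(tmp, iocs))  # no hits: the name matches, the content does not
```

Run it as a script to see the decoy produce no hit; point `sweep()` at a real path to check a host. A match on SHA256 or SHA512 is conclusive; treat an MD5-only or SHA1-only hit as a lead to confirm with the stronger digest, since both algorithms have practical collision attacks.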

Score
10/10

Malware Config

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Install Root Certificate      1      T1130
  Defense Evasion       Modify Registry               1      T1112
  Discovery             Query Registry                1      T1012
  Discovery             System Information Discovery  2      T1082
  Command and Control   Web Service                   1      T1102
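
The signatures under Targets and the matrix above describe the same behaviour from two angles. The block below is an added example (not part of the report, and not the sandbox's own signature engine) that runs simple correlation rules over a constructed event trace and emits the signature names and ATT&CK v6 IDs the report uses. The report gives no command lines, registry paths or hostnames, so the schtasks command line, the Geo\Nation registry value (the standard Windows location of the user's configured country code), the SystemCertificates\Root path, the mapping of the location check to T1012, and the hosting-service hostnames are all assumptions made for illustration; the trace shape is this example's own.

```python
"""Map sandbox behaviour events to the signatures and ATT&CK v6 techniques this report lists.

Added example, not part of the report and not the sandbox's own signature engine.
EVENTS is a constructed trace in a simplified shape of this example's own design.
The report gives no command lines, registry paths or hostnames, so the schtasks
command line, the Geo\\Nation registry value (the standard Windows location of
the user's configured country code), the SystemCertificates\\Root path, the
T1012 mapping for the location check and the hosting-service hostnames below
are all assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed events (assumed shape; not a real sandbox trace).
EVENTS = [
    {"type": "file_write", "pid": 1204,
     "path": r"C:\Users\user\AppData\Roaming\windll32.exe"},
    {"type": "process_create", "pid": 1372,
     "image": r"C:\Users\user\AppData\Roaming\windll32.exe",
     "cmdline": r'"C:\Users\user\AppData\Roaming\windll32.exe"'},
    {"type": "process_create", "pid": 1388,
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 1 /tn "windll32" '
                r'/tr "C:\Users\user\AppData\Roaming\windll32.exe" /f'},
    {"type": "registry_read", "pid": 1372,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_write", "pid": 1372,
     "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1372,
     "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "registry_write", "pid": 1372,  # placeholder thumbprint, constructed
     "key": r"HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\0000000000000000000000000000000000000000",
     "value": "Blob"},
    {"type": "network_connect", "pid": 1372, "host": "pastebin.com", "port": 443},
]

# Illustrative list only; the report does not name the service this sample used.
HOSTING_SERVICES = {"pastebin.com", "github.com", "raw.githubusercontent.com", "discord.com"}


@dataclass(frozen=True)
class Finding:
    signature: str            # signature name as the report prints it
    technique: Optional[str]  # ATT&CK v6 ID from the report's matrix, if it has one
    evidence: str


def classify(events):
    """Single pass over the trace. File writes are remembered so that a later
    process start or image load from the same path counts as 'dropped';
    order matters, which is why a reversed trace yields neither finding."""
    dropped = set()
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create":
            image = ev["image"].lower()
            if image in dropped:
                findings.append(Finding("Executes dropped EXE", None, ev["image"]))
            if image.endswith("\\schtasks.exe") and re.search(r"(?i)(^|\s)/create\b", ev["cmdline"]):
                findings.append(Finding("Scheduled Task", "T1053", ev["cmdline"]))
        elif kind == "image_load":
            if ev["path"].lower() in dropped:
                findings.append(Finding("Loads dropped DLL", None, ev["path"]))
        elif kind == "registry_read":
            if ev["key"].lower().endswith("\\international\\geo") and ev["value"].lower() == "nation":
                findings.append(Finding("Checks computer location settings", "T1012",
                                        ev["key"] + "\\" + ev["value"]))
        elif kind == "registry_write":
            findings.append(Finding("Modify Registry", "T1112", ev["key"]))
            if re.search(r"(?i)\\systemcertificates\\root\\certificates\\", ev["key"]):
                findings.append(Finding("Install Root Certificate", "T1130", ev["key"]))
        elif kind == "network_connect":
            if ev["host"].lower() in HOSTING_SERVICES:
                findings.append(Finding("Legitimate hosting services abused for malware hosting/C2",
                                        "T1102", f"{ev['host']}:{ev['port']}"))
    return findings


def technique_ids(findings):
    """Sorted, de-duplicated ATT&CK IDs, for comparison with the report's matrix."""
    return sorted({f.technique for f in findings if f.technique})


if __name__ == "__main__":
    for f in classify(EVENTS):
        print(f"{f.technique or '-':6} {f.signature}: {f.evidence}")
    print("Techniques:", technique_ids(classify(EVENTS)))
```

The rules cover only the signatures the report names; T1082 (System Information Discovery) is in the matrix but has no dedicated rule here because the report does not say which reads triggered it. The same root-certificate write is reported under both T1112 and T1130, mirroring the matrix, where every certificate install is also a registry modification.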
