General

  • Target

    399a0e77326dc484fa92fd5f95f2dbd89866dfd4e7e80661634a9a83f0652403

  • Size

    8.6MB

  • Sample

    221213-qhn2eahd2v

  • MD5

    4e0659603ec76a72df1fa8493a3e75a7

  • SHA1

    d4c2551e370611487b17e03ac46019182b0dd473

  • SHA256

    7f38d3b48893e06b2ed7d6f95827612b9a94181fabd9bf045f934e6b23ff197c

  • SHA512

    a915bc4e4c0636a7c8aafac8211ae2de7ac6c72d3aeb8861724d10dd7cbac8734f49ab05f7c0fdbd2746f8f15c3f42ece27096632b263deaf0b8fe7f45d37936

  • SSDEEP

    196608:LoRNmquRPxYHDrpVMYrBvLAOM/4WyrOOYSphRBrnc:ERkbRp6bMYrBUOM/4W4OOYM1rc

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    System Guard Runtime

  • C2

    85.105.88.221:2531

  • Mutex

    System Guard Runtime

  • Attributes

      • delay

        3

      • install

        false

      • install_file

        System Guard Runtime

      • install_folder

        %AppData%

  • aes.plain

Targets

    • Target

      399a0e77326dc484fa92fd5f95f2dbd89866dfd4e7e80661634a9a83f0652403

    • Size

      14.7MB

    • MD5

      2cbd5d9d43c5c49f0580975e9e620808

    • SHA1

      17e209b6d6c66882ed78a40d7e0d211760b489a0

    • SHA256

      399a0e77326dc484fa92fd5f95f2dbd89866dfd4e7e80661634a9a83f0652403

    • SHA512

      26e06d3d3b4f8d1198f483e2485ee107782c7f5b70ddb4d48dd84c9ef81029af316ad3a184c90921c6f1188f92d88b9fd6a152eaba5648a03bfbdea589202812

    • SSDEEP

      196608:X0hLU8m9T9crlNBd8Sbrlzg0IzM7djVK2:khA595q38SbBs0IzM3

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
