Overview

overview

10

Static

static

10

aws.exe

windows7-x64

10

aws.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aws.exe

  • Size

    85KB

  • Sample

    230121-aawhhsab58

  • MD5

    63fb22e516c5c5f243b06b35883956f9

  • SHA1

    b915cdc9c0a9f7afe7a28d8a47e778a2b99f8374

  • SHA256

    14d3276ca733ff2efebeb3208f7e233da4df8735514c216e5fa52a83e9110f8b

  • SHA512

    c012d8ac37a2742218c14812e50cb456ed3fe2df954059ce221a5c971746f74c4e940e37eb81443dd10df7a430e227b039a33d8264bbf42874d9076737808955

  • SSDEEP

    1536:Yr4lbI9/CJxFz3FI8Cwof4wJ9JDUiPDMNkGbbawfpaSGRZVclN30/yRmP:O41I9/CJxFz3FI8Cwo7J7DRDMOGbbagG

Score
10/10
asyncratdefaultpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

192.253.245.243:7771

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    true

  • install_file

    Windows Defender Security.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      aws.exe

    • Size

      85KB

    • MD5

      63fb22e516c5c5f243b06b35883956f9

    • SHA1

      b915cdc9c0a9f7afe7a28d8a47e778a2b99f8374

    • SHA256

      14d3276ca733ff2efebeb3208f7e233da4df8735514c216e5fa52a83e9110f8b

    • SHA512

      c012d8ac37a2742218c14812e50cb456ed3fe2df954059ce221a5c971746f74c4e940e37eb81443dd10df7a430e227b039a33d8264bbf42874d9076737808955

    • SSDEEP

      1536:Yr4lbI9/CJxFz3FI8Cwof4wJ9JDUiPDMNkGbbawfpaSGRZVclN30/yRmP:O41I9/CJxFz3FI8Cwo7J7DRDMOGbbagG

    Score
    10/10
    asyncratdefaultpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks