General

  • Target

    1132-57-0x0000000000440000-0x0000000000452000-memory.dmp

  • Size

    72KB

  • Sample

    230127-stxtssdd2t

  • MD5

    e7afa7e1f54068ac12f9aaaab67b08b2

  • SHA1

    eac0f19443656792cfac8d834838a71825372cc8

  • SHA256

    4eeb2de0d01d74df98844353eb76c6d3e1ef39eb773582644470d60c9a7e5a94

  • SHA512

    6bbbd4a1dc33c0d1217928da3a3dfaa599d0ffb6b0a70dd2ed6461f80d43c2a23ab54226b213e92e9a89baadf142c7a6b02c0221faf9b4f2d8ebba64f53c4688

  • SSDEEP

    1536:7o1cMD5s1f+ObNrS81t91EG6r1KmVcl0C:7o1cMD5s1f+ObNfMG6xK8Y0

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

uhxwanciie

Attributes
  • delay

    11

  • install

    true

  • install_file

    hotmaile.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      1132-57-0x0000000000440000-0x0000000000452000-memory.dmp

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Tactic                  Technique                       Count   ID
Execution               Scheduled Task                  1       T1053
Persistence             Scheduled Task                  1       T1053
Privilege Escalation    Scheduled Task                  1       T1053
Discovery               Query Registry                  1       T1012
Discovery               System Information Discovery    2       T1082

Tasks