Overview

overview

10

Static

static

6815ff5dc0...38.exe

windows7-x64

10

6815ff5dc0...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6815ff5dc021df4556f774108073648ca9191f7634c9fca94707d54ef686ee38

  • Size

    195KB

  • Sample

    230129-1bsq5aeh7v

  • MD5

    66a167b944c4ea45a207f551e2c9fc28

  • SHA1

    88703c2bf165899ec004dab9f5f273c46a8d286c

  • SHA256

    6815ff5dc021df4556f774108073648ca9191f7634c9fca94707d54ef686ee38

  • SHA512

    89d647f0593518fa63976e168588c41bacd91bd6be59550e535a27ca7d817f29705830ce5ad3810a76096934d66216afb3f4f670309c102f1f4c496027969370

  • SSDEEP

    1536:hu0Fi41HYlZuIyPGSRfxp6kghBtdhv/oOK5XjJwkA1MmnQTNSbgjxAAnieghr4Dq:huTnaYfshPPD74Jo50093FFd7GEawuJ

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

ValentinMihai-48225.portmap.io:48225=>7119:48225

ValentinMihai-48225.portmap.io:48225=>7119:7119
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Windows Defender SmartScreen.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      6815ff5dc021df4556f774108073648ca9191f7634c9fca94707d54ef686ee38

    • Size

      195KB

    • MD5

      66a167b944c4ea45a207f551e2c9fc28

    • SHA1

      88703c2bf165899ec004dab9f5f273c46a8d286c

    • SHA256

      6815ff5dc021df4556f774108073648ca9191f7634c9fca94707d54ef686ee38

    • SHA512

      89d647f0593518fa63976e168588c41bacd91bd6be59550e535a27ca7d817f29705830ce5ad3810a76096934d66216afb3f4f670309c102f1f4c496027969370

    • SSDEEP

      1536:hu0Fi41HYlZuIyPGSRfxp6kghBtdhv/oOK5XjJwkA1MmnQTNSbgjxAAnieghr4Dq:huTnaYfshPPD74Jo50093FFd7GEawuJ

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks