General

  • Target: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15
  • Size: 725KB
  • Sample: 230129-x5t99scc5y
  • MD5: 01b52dc2afdb1950a0a7d56d9b1766c4
  • SHA1: 84c49d452de656e71cdca0a20ddb8c3db1a647c0
  • SHA256: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15
  • SHA512: b99199bab0ab53838649087112d7800e44d5b5fb5d8a647fa7ee199c7360ca08b1902ff7955425f56430834bf0cd644bff65d99415b6914d4427dc6e6f77f9f5
  • SSDEEP: 12288:/Cfi3zZfbGF8cVA6TFKd83ypIlyonrKGQVS7DB+/B5oo7I5Efr:6aDZfbc/VAio6GiKGQc7DU5RFr

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • Botnet: Default
  • Mutex: AsyncMutex_6SI8OkPnk

Attributes

  • delay: 3
  • install: true
  • install_file: Galaxy Swapper.exe
  • install_folder: %AppData%
  • pastebin_config: https://pastebin.com/raw/KQnTvrv3
  • aes.plain: (no value extracted)

Targets

    • Target: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15 (same file as listed under General)

    Score: 10/10

    • AsyncRat: AsyncRAT is designed to remotely monitor and control other computers.
    • Async RAT payload
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Loads dropped DLL
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Discovery: Query Registry, T1012 (1); System Information Discovery, T1082 (2)
  • Command and Control: Web Service, T1102 (1)

Tasks