Overview

overview

10

Static

static

test.bat

windows10-1703-x64

10

test.bat

windows7-x64

8

test.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test.bat

  • Size

    48KB

  • Sample

    230201-24e66sfa5w

  • MD5

    106c27af68b78b8670267a5eebfc8040

  • SHA1

    a2bbfb23b51cb1f2bb213dfe410601bc7fa53875

  • SHA256

    037565e9535d9521ad3ab3cfef0e6e91cad24b8e1cab83af7949dae67d95fb5c

  • SHA512

    7de6b4f739f209c11cadee9360d5cb799b77bc5d4083b706a4d9bc21f501bb45e218715dbca6cd61811458b0efd190dba06dc04141650a48d91a305abf8e4600

  • SSDEEP

    768:0oEB9ZEYgBM1D1gozT1RjnAKRc1pU9/gnEiCsfhh8pRA9buJsgsSxQ:jErqY7coz0JagnEtqh8pYbFgsSxQ

Score
10/10
asyncratdefaultratspywarestealer

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

mikludoykxx.ddns.net:6606

mikludoykxx.ddns.net:7707

mikludoykxx.ddns.net:8808

mikeludomax.ddns.net:6606

mikeludomax.ddns.net:7707

mikeludomax.ddns.net:8808

mikeludoyyxx.ddns.net:6606

mikeludoyyxx.ddns.net:7707

mikeludoyyxx.ddns.net:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      test.bat

    • Size

      48KB

    • MD5

      106c27af68b78b8670267a5eebfc8040

    • SHA1

      a2bbfb23b51cb1f2bb213dfe410601bc7fa53875

    • SHA256

      037565e9535d9521ad3ab3cfef0e6e91cad24b8e1cab83af7949dae67d95fb5c

    • SHA512

      7de6b4f739f209c11cadee9360d5cb799b77bc5d4083b706a4d9bc21f501bb45e218715dbca6cd61811458b0efd190dba06dc04141650a48d91a305abf8e4600

    • SSDEEP

      768:0oEB9ZEYgBM1D1gozT1RjnAKRc1pU9/gnEiCsfhh8pRA9buJsgsSxQ:jErqY7coz0JagnEtqh8pYbFgsSxQ

    Score
    10/10
    asyncratdefaultratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks