General

  • Target

    0c3da066f0c04ad78849c1f4a2cfe2d6.exe

  • Size

    22KB

  • Sample

    230201-rykvcsaa88

  • MD5

    0c3da066f0c04ad78849c1f4a2cfe2d6

  • SHA1

    fe31f3b33a402c3fe908a647b15995cdd6264645

  • SHA256

    3a6851c4644a95b51a0dad88d66986afca533a2ad2f9cfb9db7bb29c0164284b

  • SHA512

    1cd73e051630e0fc767ab614e563cbe266b89c7e3401f9bb573bea318910945112525d6674a0fe01eeb4de57058900703b7ff78e0d8480b791297fa08234196d

  • SSDEEP

    192:CXDgrZPf0SKeHfNRB7MGA51mS9nRuczNuczOKnxZRBZHJIYiYF8ur7azSRzdZ5:CErZX0SK05MPjZ9nf7JnThJIYiwfR1

Score
10/10

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
