General

  • Target

    7c891739080f841320db5c5fa00c1970

  • Size

    56KB

  • Sample

    230201-z5ewpacc93

  • MD5

    7c891739080f841320db5c5fa00c1970

  • SHA1

    a643743edc2b433e1a4a9e351191c45b653bab7b

  • SHA256

    9ba273e5655ddf51c2714c0e0f6963e1498d882bbf9cdb4d707ee53f6e62d375

  • SHA512

    7640f7dcf44cd0b5ac28bd154ecbc2dbe0d1e35386f29db048cc41e726fc7c3b3a42d16accfd7aad95862be3d4a7443a8fadd088deb5a359d4e8309abc2523b9

  • SSDEEP

    384:s/jtBgfZAGbN5npUXbYhsedHsZIuxyrzwNZd/8qlwlNh5SFFV:s8bJUX+sgMZIDrUNjdwlVSFFV

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

bendito2714.duckdns.org:7090

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    30

  • install

    false

  • install_file

    bendito.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Deletes itself

    • Drops startup file

    • Suspicious use of SetThreadContext
