General

  • Target

    view.zip

  • Size

    807KB

  • Sample

    230221-b35gkafb2x

  • MD5

    1e0b4608d4236b2481cd1a75a11a29ce

  • SHA1

    93c0e177b01f218b7c22067217f7e4df6f038428

  • SHA256

    66fbd626eac4b285f093e5fbff484daa95d270e981eda051836b5ee47ea7a01b

  • SHA512

    be12954609f96bd7bde7d5b2dea66e165c3137098cec7436457467b15b96a55842ba222adb50865b2888811a490a9e98dc638c892219f2f5d07b36e0eb0bfd1e

  • SSDEEP

    6144:E2bLf4cN90DJ6uc5WOxe87vLlMMSwPRobACYPaTwPE54odL:ErA90DJ+E/8TmtwPRo6MHL

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    95.216.102.32:6606
    95.216.102.32:7707
    95.216.102.32:8808

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain
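The C2 endpoints and the mutex above are the most directly usable indicators in this report. The following is an added example, not sandbox output and not AsyncRAT code, that matches constructed Sysmon Event ID 3-style network log lines against the reported C2 host and ports, and checks a constructed list of object-manager handle names for the reported mutex. The log field names (Image, DestinationIp, DestinationPort), the sample lines and the handle names are assumptions made for the example; only the IP, ports and mutex come from the report.

```python
import re

# Indicators taken from the extracted config above.
C2_HOST = "95.216.102.32"
C2_PORTS = {6606, 7707, 8808}
MUTEX = "AsyncMutex_6SI8OkPnk"

# Constructed Sysmon Event ID 3-style lines. Field names and values are
# assumptions for the example, not the sandbox's own output.
SAMPLE_NETWORK_LOG = """\
Image=C:\\Users\\user\\AppData\\Roaming\\view.exe DestinationIp=95.216.102.32 DestinationPort=6606 Protocol=tcp
Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=142.250.74.46 DestinationPort=443 Protocol=tcp
Image=C:\\Users\\user\\AppData\\Roaming\\view.exe DestinationIp=95.216.102.32 DestinationPort=8808 Protocol=tcp
Image=C:\\Windows\\System32\\svchost.exe DestinationIp=95.216.102.32 DestinationPort=80 Protocol=tcp
"""

# Constructed object-manager handle names, as a process handle listing might show them.
SAMPLE_HANDLES = [
    r"\Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk",
    r"\BaseNamedObjects\SM0:1234:304:WilStaging_02",
]

# Key=value pairs; a value runs until the next " Key=" or end of line, so
# paths containing spaces survive.
_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_kv_line(line):
    """Split 'Key=value Key2=value' into a dict; values may contain spaces."""
    return dict(_KV.findall(line))


def find_c2_connections(log_text, host=C2_HOST, ports=C2_PORTS, match_port=True):
    """Return (image, ip, port) for each line that reaches the reported C2.

    With match_port=False any connection to the C2 host is flagged, which
    catches an operator changing ports at the cost of more noise.
    """
    hits = []
    for line in log_text.splitlines():
        fields = parse_kv_line(line)
        try:
            ip, port = fields["DestinationIp"], int(fields["DestinationPort"])
        except (KeyError, ValueError):
            continue  # not a network event line
        if ip == host and (not match_port or port in ports):
            hits.append((fields.get("Image", "?"), ip, port))
    return hits


def find_mutex(handle_names, mutex=MUTEX):
    """Return handle names whose last path component is the reported mutex."""
    return [h for h in handle_names if h.rsplit("\\", 1)[-1] == mutex]


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_NETWORK_LOG):
        print("C2 connection:", hit)
    for h in find_mutex(SAMPLE_HANDLES):
        print("AsyncRAT mutex present:", h)
```

The port-sensitive match is the one to alert on; the host-only variant is useful for hunting, since the fourth constructed line (port 80 to the same host) would otherwise be missed if the operator rotated ports.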

Targets

    • Target

      view.exe

    • Size

      500.0MB

    • MD5

      17beeecdd8a676132dfa178a1cb90161

    • SHA1

      9fb39d298a16798c144813d440bcdbb28b2f2464

    • SHA256

      c3bbcf49833323978f3df6a3ae4d27cd278930ca78c5b178d6c7558c0b6210a2

    • SHA512

      5eb5b34082ee113e0717109c1e1936af2ca338d62afff96645c79927716bae44bd48e5e1c4a788499fbe05daecaa9fda250992dcf8db2715993cd8aab0964e6d

    • SSDEEP

      6144:UahORp0yN90QESEsORO87HLlkMSwxRopaCYPaT8PE54X:UiVy90sND8DytwxRoqKy

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
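The two sizes reported above (an 807KB archive that expands to a 500.0MB view.exe) are consistent with an executable padded with highly compressible filler, a way of pushing a binary past scanner upload size limits; the report does not say so, so treat it as an inference. The following is an added example, not part of the report, that builds a constructed padded archive in memory and flags members whose compression ratio and trailing NUL run look like padding. The thresholds and the constructed payload are assumptions; the reported sizes are used only to compute the ratio the page implies.

```python
import io
import zipfile

# Sizes as reported above: the archive (807KB) and the extracted executable (500.0MB).
REPORTED_ZIP_BYTES = 807 * 1024
REPORTED_EXE_BYTES = 500 * 1024 * 1024


def inflation_ratio(uncompressed, compressed):
    """Uncompressed/compressed size; ordinary PE code compresses only a few times over."""
    return float("inf") if compressed == 0 else uncompressed / compressed


def trailing_zero_fraction(data):
    """Fraction of the buffer taken up by a trailing run of NUL bytes."""
    if not data:
        return 0.0
    return (len(data) - len(data.rstrip(b"\x00"))) / len(data)


def analyze_zip(zip_bytes, ratio_threshold=50.0, zero_threshold=0.9):
    """Flag archive members that look like NUL-padded binaries.

    Thresholds are assumptions. The member is read fully here, which is fine for
    a test-sized sample; for a real 500 MB member, stream it and keep only the
    tail for the padding check.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            ratio = inflation_ratio(info.file_size, info.compress_size)
            zeros = trailing_zero_fraction(data)
            findings.append({
                "name": info.filename,
                "uncompressed": info.file_size,
                "compressed": info.compress_size,
                "ratio": ratio,
                "trailing_zero_fraction": zeros,
                "content_size": len(data.rstrip(b"\x00")),  # bytes worth hashing/analysing
                "padded": ratio > ratio_threshold and zeros > zero_threshold,
            })
    return findings


def build_padded_sample(payload=b"MZ" + b"\x90" * 4094, pad_bytes=2 * 1024 * 1024):
    """Constructed stand-in for view.zip: a small PE-like stub followed by NUL padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("view.exe", payload + b"\x00" * pad_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    print("ratio implied by the report: %.0f:1"
          % inflation_ratio(REPORTED_EXE_BYTES, REPORTED_ZIP_BYTES))
    for f in analyze_zip(build_padded_sample()):
        print(f)
```

The content_size field is the practical output: hashes in threat-intel feeds are usually taken over the full padded file, so when a sample arrives trimmed (or re-padded to a different length) the hashes above will not match, and the unpadded prefix is what to compare or submit instead.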

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Persistence      Hidden Files and Directories         1      T1158
  Defense Evasion  Modify Registry                      1      T1112
  Defense Evasion  Hidden Files and Directories         1      T1158
  Discovery        System Information Discovery         1      T1082

Technique IDs are those of ATT&CK v6; in current versions T1060 maps to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1158 to T1564.001 (Hide Artifacts: Hidden Files and Directories).

Tasks