Overview

overview

10

Static

static

1

c433de6760...71.exe

windows7-x64

10

c433de6760...71.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c433de67602af04f3ac23efa8aced1f2167b86cd60844ab2633dc4b959813371

  • Size

    1.5MB

  • Sample

    230227-hha6jscb89

  • MD5

    9a3e3276e7078ebd4f9fc151db6d1a35

  • SHA1

    d4b78c17da5e0270b99a762ae6fbda009734b724

  • SHA256

    c433de67602af04f3ac23efa8aced1f2167b86cd60844ab2633dc4b959813371

  • SHA512

    098520f5830b58a0fe57818668372da2854c1a3eea2e8f4e9b6da0f3fdffd05510c5df769d02ef8b632280af79a8c348c6ef38d208a8f5eecb9a676d6014b8dd

  • SSDEEP

    6144:NT03idAZ4AsoKrmhYOPI24viEeck44+/1jKSgsCoP188UZ/8/UWzqY1yCRmWd/9g:k+1vdoNCsjYrTWz5bj1Dz5NZuC6No

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

seznam.zapto.org:6606

seznam.zapto.org:7707

seznam.zapto.org:8808

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808
Mutex

ghbhdythetsqq

Attributes
  • delay

    6

  • install

    true

  • install_file

    atlsas.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      c433de67602af04f3ac23efa8aced1f2167b86cd60844ab2633dc4b959813371

    • Size

      1.5MB

    • MD5

      9a3e3276e7078ebd4f9fc151db6d1a35

    • SHA1

      d4b78c17da5e0270b99a762ae6fbda009734b724

    • SHA256

      c433de67602af04f3ac23efa8aced1f2167b86cd60844ab2633dc4b959813371

    • SHA512

      098520f5830b58a0fe57818668372da2854c1a3eea2e8f4e9b6da0f3fdffd05510c5df769d02ef8b632280af79a8c348c6ef38d208a8f5eecb9a676d6014b8dd

    • SSDEEP

      6144:NT03idAZ4AsoKrmhYOPI24viEeck44+/1jKSgsCoP188UZ/8/UWzqY1yCRmWd/9g:k+1vdoNCsjYrTWz5bj1Dz5NZuC6No

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks