Overview

overview

10

Static

static

1

1af69713a3...ba.exe

windows7-x64

7

1af69713a3...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1af69713a366a92c3b264e3a0e1565ba.exe

  • Size

    3.5MB

  • Sample

    230325-rhvdvsda63

  • MD5

    1af69713a366a92c3b264e3a0e1565ba

  • SHA1

    72c9ab603da34bfb19af604489089d9fe9ed8653

  • SHA256

    fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68

  • SHA512

    991fbde8bc838e165e97a7a0d242253060f762e2f579b007a29ac816461cd0e51758e740f45ff31d618a8aed057f89f6240cea3a0a7d3f3bb51eb98d08e5c8b9

  • SSDEEP

    24576:gfRd0GtFA0vCpl0og+0q56UGEL5mSewB7CWq22d9nIcnHke6Q2lYeRVCFMjYg6Co:xB0diHNF3ynElzHcg6rv

Score
10/10
asyncratbbpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

BB

C2

146.70.128.174:55178

Mutex

1212

Attributes
  • delay

    3

  • install

    false

  • install_file

    MicrosoftRuntime.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      1af69713a366a92c3b264e3a0e1565ba.exe

    • Size

      3.5MB

    • MD5

      1af69713a366a92c3b264e3a0e1565ba

    • SHA1

      72c9ab603da34bfb19af604489089d9fe9ed8653

    • SHA256

      fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68

    • SHA512

      991fbde8bc838e165e97a7a0d242253060f762e2f579b007a29ac816461cd0e51758e740f45ff31d618a8aed057f89f6240cea3a0a7d3f3bb51eb98d08e5c8b9

    • SSDEEP

      24576:gfRd0GtFA0vCpl0og+0q56UGEL5mSewB7CWq22d9nIcnHke6Q2lYeRVCFMjYg6Co:xB0diHNF3ynElzHcg6rv

    Score
    10/10
    persistenceasyncratbbrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks