General

  • Target: 1af69713a366a92c3b264e3a0e1565ba.bin
  • Size: 2.0MB
  • Sample: 230327-bgwyascg71
  • MD5: 4ff0cf1f868ced6a63ecc3385787707b
  • SHA1: e465385d215b73b176f065d52626d5e39e975288
  • SHA256: 8aeff71545abbb926a51c95034de69548f939e5ad4bdd7f6356bc2731bab2135
  • SHA512: 29b3f5316fae6e1b36ab60c5802491ac2aa1df3d2723b7fd7a3de418656015d5194259acd8314c06593f43c8e2352be4f839088734d14b116dab62f9377f6070
  • SSDEEP: 49152:MP4D5qrD+ssbVQFxBvK0DQ9q4Lqbz8nfo9LD/PG:Ms5isGF3LDQ9qbz8AZD/PG

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • Botnet: BB
  • C2: 146.70.128.174:55178
  • Mutex: 1212

Attributes

  • delay: 3
  • install: false
  • install_file: MicrosoftRuntime.exe
  • install_folder: %AppData%

aes.plain

Targets

    • Target: fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68.exe
    • Size: 3.5MB
    • MD5: 1af69713a366a92c3b264e3a0e1565ba
    • SHA1: 72c9ab603da34bfb19af604489089d9fe9ed8653
    • SHA256: fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68
    • SHA512: 991fbde8bc838e165e97a7a0d242253060f762e2f579b007a29ac816461cd0e51758e740f45ff31d618a8aed057f89f6240cea3a0a7d3f3bb51eb98d08e5c8b9
    • SSDEEP: 24576:gfRd0GtFA0vCpl0og+0q56UGEL5mSewB7CWq22d9nIcnHke6Q2lYeRVCFMjYg6Co:xB0diHNF3ynElzHcg6rv

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              | Technique                          | ID    | Count
  Persistence         | Registry Run Keys / Startup Folder | T1060 | 1
  Defense Evasion     | Modify Registry                    | T1112 | 1
  Discovery           | Query Registry                     | T1012 | 1
  Discovery           | System Information Discovery       | T1082 | 2
  Command and Control | Web Service                        | T1102 | 1
