General

  • Target

    07812999.exe

  • Size

    691KB

  • Sample

    230605-r8dtsshg7t

  • MD5

    dd505f7c59aa2882633c01034428e952

  • SHA1

    12ffe4b71bdda14909f5d88301597f9cdf75ff94

  • SHA256

    de1b9f6d4bf9909be6073eb4bb16b724a824e3d3d75baef2cfee19f538c79c7e

  • SHA512

    3c79eb968ce299b91d1c456f52c3a6cd2bfd75ae6ac8f6e35c56800e3d2e3f2ceec0e95545cb7cb6c6305e2a26ff1b681c65dd3470f1e9d16b8726e9c223ebd0

  • SSDEEP

    12288:SrgDkO3hHlWxMzIHREJVk/bq4izoW/m7GloyLwo6s7pSCpCETtwpkZQ6b98I:SMA4hHlWxMiQW/O4ue7koUos1JpfhkX4

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

191.101.130.205:6606

191.101.130.205:7707

191.101.130.205:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2