General

  • Target

    06211199.exe

  • Size

    787KB

  • Sample

    230609-h12ffscb3v

  • MD5

    0e6861c721b9342f69eba894703f6484

  • SHA1

    6c9b0712a4c249805f2f2f1760cd72cf917aa7c6

  • SHA256

    fb037edda6db14f4cc45540ee0719c8ca02cbc7636f48c14b6dca3bd187f3e44

  • SHA512

    6beb131306e2ae3b91d62f3630271b6755957f2046870ae4b62313851e98b4a2837053ea86d06da3f91d6b9b8ab81eb7e8bf7ccc26b1cb3cbe6cdf9e7db0dbe8

  • SSDEEP

    6144:de/RS6Ugha13DnnTawr+BpIW85aDIamyJ95xuuEHQiljH6gnGJZ1ZnImK:deZB1hXwr+h85pMbxuuEHNe6IZBK

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

fresh03.ddns.net:45265

fresh03.ddns.net:34110

fresh03.ddns.net:2245

fresh01.ddns.net:45265

fresh01.ddns.net:34110

fresh01.ddns.net:2245

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    logs.exe

  • install_folder

    %AppData%

aes.plain
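The extracted configuration above is the part of the report a defender can act on directly. The mutex AsyncMutex_6SI8OkPnk and the botnet name Default are the stock values shipped in the public AsyncRAT-C# source, so they identify the family rather than this operator; the two dynamic-DNS C2 hosts, the three ports, the %AppData%\logs.exe install path and the SHA256 are the sample-specific pivots. The following script is an added example (not part of the report and not AsyncRAT's code) that turns those fields into matching rules and runs them over a constructed stream of Sysmon-style host events; the event field names (type, query, dst_host, dst_port, path, cmdline, sha256, name) and the schtasks command line are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators copied from the extracted config and the hashes in the report.
C2_HOSTS = {"fresh03.ddns.net", "fresh01.ddns.net"}
C2_PORTS = {45265, 34110, 2245}
MUTEX = "AsyncMutex_6SI8OkPnk"            # stock AsyncRAT default, family-level indicator
SAMPLE_SHA256 = "fb037edda6db14f4cc45540ee0719c8ca02cbc7636f48c14b6dca3bd187f3e44"

# install_folder %AppData% expands to <profile>\AppData\Roaming on a stock Windows
# host and install_file is logs.exe; match the path tail so any user profile fits,
# and refuse a longer name such as logs.exe.txt via the lookahead.
INSTALL_PATH_RE = re.compile(r"\\AppData\\Roaming\\logs\.exe(?![\w.])", re.IGNORECASE)
SCHTASKS_CREATE_RE = re.compile(r"(?i)\bschtasks(\.exe)?\b.*\s/create\b")


@dataclass(frozen=True)
class Hit:
    rule: str          # which indicator fired
    confidence: str    # "high" for sample-specific IOCs, "medium" for family defaults, "low" for noisy ones
    event_id: int      # index of the matching event in the input stream


def _host_matches(host: str) -> bool:
    """Exact C2 host or a subdomain of it; a different zone never matches."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


def match_event(idx: int, ev: dict) -> list[Hit]:
    """Return every indicator hit for one telemetry event (field names are assumed)."""
    hits = []
    kind = ev.get("type")
    if kind == "dns" and _host_matches(ev.get("query", "")):
        hits.append(Hit("c2_dns_lookup", "high", idx))
    elif kind == "netconn":
        if _host_matches(ev.get("dst_host", "")):
            hits.append(Hit("c2_connection", "high", idx))
        elif ev.get("dst_port") in C2_PORTS:
            hits.append(Hit("c2_port_only", "low", idx))   # ports alone are reused widely
    elif kind == "file_create" and INSTALL_PATH_RE.search(ev.get("path", "")):
        hits.append(Hit("install_file_dropped", "medium", idx))
    elif kind == "process_create":
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append(Hit("known_sample_hash", "high", idx))
        cmd = ev.get("cmdline", "")
        # Scheduled Task (T1053) persistence pointing at the install path.
        if SCHTASKS_CREATE_RE.search(cmd) and INSTALL_PATH_RE.search(cmd):
            hits.append(Hit("schtasks_persistence", "medium", idx))
    elif kind == "mutex" and ev.get("name") == MUTEX:
        hits.append(Hit("asyncrat_default_mutex", "medium", idx))
    return hits


def scan(events: Iterable[dict]) -> list[Hit]:
    return [h for i, ev in enumerate(events) for h in match_event(i, ev)]


# Constructed telemetry modelled on the behaviour the report describes; not real logs.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\bob\Downloads\06211199.exe",
     "sha256": SAMPLE_SHA256, "cmdline": r'"C:\Users\bob\Downloads\06211199.exe"'},
    {"type": "file_create", "path": r"C:\Users\bob\AppData\Roaming\logs.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\schtasks.exe", "sha256": "",
     "cmdline": r'schtasks /create /f /sc onlogon /rl highest /tn "logs" /tr "C:\Users\bob\AppData\Roaming\logs.exe"'},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"type": "dns", "query": "fresh03.ddns.net"},
    {"type": "netconn", "dst_host": "fresh01.ddns.net", "dst_port": 2245},
    {"type": "netconn", "dst_host": "updates.example.com", "dst_port": 443},   # benign
    {"type": "dns", "query": "fresh03.example.net"},                            # benign, other zone
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[{hit.confidence}] {hit.rule} (event {hit.event_id})")
```

The confidence tiers matter when these rules go into a SIEM: a hash or C2 hostname match is worth an alert on its own, the default mutex and install path are worth an alert only because they are specific enough to AsyncRAT, and a bare port match is a pivot for hunting, not a trigger. Because the C2 lives on ddns.net, block and alert on the hostname rather than on whatever IP it resolved to at analysis time.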

Targets

    • Target

      06211199.exe

    • Size

      787KB

    • MD5

      0e6861c721b9342f69eba894703f6484

    • SHA1

      6c9b0712a4c249805f2f2f1760cd72cf917aa7c6

    • SHA256

      fb037edda6db14f4cc45540ee0719c8ca02cbc7636f48c14b6dca3bd187f3e44

    • SHA512

      6beb131306e2ae3b91d62f3630271b6755957f2046870ae4b62313851e98b4a2837053ea86d06da3f91d6b9b8ab81eb7e8bf7ccc26b1cb3cbe6cdf9e7db0dbe8

    • SSDEEP

      6144:de/RS6Ugha13DnnTawr+BpIW85aDIamyJ95xuuEHQiljH6gnGJZ1ZnImK:deZB1hXwr+h85pMbxuuEHNe6IZBK

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

      Typically seen when a payload is written into a suspended process and its entry point is redirected (process hollowing).

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                  Technique                       Signatures  ID
Execution               Scheduled Task                  1           T1053
Persistence             Scheduled Task                  1           T1053
Privilege Escalation    Scheduled Task                  1           T1053
Discovery               Query Registry                  1           T1012
Discovery               System Information Discovery    2           T1082

Tasks