Overview

overview

10

Static

static

3

IgXNkefSCwhtVCR.exe

windows7-x64

10

IgXNkefSCwhtVCR.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IgXNkefSCwhtVCR.exe

  • Size

    627KB

  • Sample

    230609-jgyqwsbd96

  • MD5

    c7b595da0280818998af6a5eaabeb6ed

  • SHA1

    97e0e2c7be4b44d058c4e40e75ff59582917a8e7

  • SHA256

    63b2add18bbd481c278a85e74c496918a12ea951301951134956e0b4449ebf39

  • SHA512

    01913066f42efc8dbe369239b260802a3280da9045ffd59a298acb9cb6bd9e877d9072c12cef8bee36b53ed1ed1715b4268c0cfa325aacdf5d351fb14c6eb3d2

  • SSDEEP

    12288:8Gmp0lWxMzIHREJVk/bq4izoW/m7/ePmr9eRf5ORReTed59dTqGiyxA+kqIt:dmilWxMiQW/O4ue7/ePNRROiyd+mO+k

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

95.214.27.44:6606

95.214.27.44:7707

95.214.27.44:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      IgXNkefSCwhtVCR.exe

    • Size

      627KB

    • MD5

      c7b595da0280818998af6a5eaabeb6ed

    • SHA1

      97e0e2c7be4b44d058c4e40e75ff59582917a8e7

    • SHA256

      63b2add18bbd481c278a85e74c496918a12ea951301951134956e0b4449ebf39

    • SHA512

      01913066f42efc8dbe369239b260802a3280da9045ffd59a298acb9cb6bd9e877d9072c12cef8bee36b53ed1ed1715b4268c0cfa325aacdf5d351fb14c6eb3d2

    • SSDEEP

      12288:8Gmp0lWxMzIHREJVk/bq4izoW/m7/ePmr9eRf5ORReTed59dTqGiyxA+kqIt:dmilWxMiQW/O4ue7/ePNRROiyd+mO+k

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks