General

  • Target

    Desktop.zip

  • Size

    11.4MB

  • Sample

    230616-skvcbafc6x

  • MD5

    5d86b65e545d06d15e30a1abedf93530

  • SHA1

    8fb3c5130fbd42bd1d58f52de7a57c4c3e9aa2b1

  • SHA256

    e7bf6176eb0f048d92c32f88265fb268e1fcb95c010b8ac561a830b20be0b756

  • SHA512

    840c5800d7c8fa028355e87d71a892dd9f159bb163acd9a5dd9b7ca2f4e3cb798fc1df72f3b3d892157bc6d05cddfe19aeda353b51a20c8f71bc2a68b156e423

  • SSDEEP

    196608:W+3KoQgBGPNXVbT/NKykyvHdwjuTujHi+OgDWOzuAwLJCM4E3mMqG:W+3KoQHlbT/UykyEbLOgRzuAwLJCM4K/

Malware Config

Extracted

Family

cobaltstrike

C2

http://45.77.45.243:80/MHYo

http://47.100.229.207:80/bootstrap-2.min.js

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://45.77.45.243:80/__utm.gif

Attributes
  • access_type

    512

  • host

    45.77.45.243,/__utm.gif

  • http_header1


  • http_header2


  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine


  • unknown1

    4096

  • unknown2


  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)

  • watermark

    391144938

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

aa9064aa.e1.luyouxia.net:22391

Mutex

1

Attributes
  • delay

    1

  • install

    false

  • install_file

    1.exe

  • install_folder

    %AppData%

aes.plain

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://47.100.229.207:80/api/user

Attributes
  • access_type

    512

  • host

    47.100.229.207,/api/user

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    1000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine


  • unknown1

    2.018841856e+09

  • unknown2


  • uri

    /api/login

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

  • watermark

    1359593325

Targets

    • Target

      2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe

    • Size

      148KB

    • MD5

      5962e66c82fcd853fbfe2c6e8fdf3058

    • SHA1

      74c6b0b42ba3d888b630d7f42c6924aecc40a9d4

    • SHA256

      2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d

    • SHA512

      08965e5b3a5737d6eb9754b48c12cbf8ad9cba5195d87e14304a386f4a463acb00ac8d0dd1467307f8dfa6a962beff59697d815ba1d7b577fe257a280d4698eb

    • SSDEEP

      3072:kyqybyIkfZmxLCokgxcE4VFWGAGP4gqSBmQ:Yyu6LC9gxAVFWU4gXL

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      4922d2660f30b4a1729b6861093b491a60ab49586545106b24af2840aa690ac5.exe

    • Size

      802KB

    • MD5

      94d374ec7d1f95caa5829d2f4693e74b

    • SHA1

      aba17540d4521de28d241599970b381d49950cbc

    • SHA256

      4922d2660f30b4a1729b6861093b491a60ab49586545106b24af2840aa690ac5

    • SHA512

      b8b84cc4ef3762687b156e0864021b99f04ec7b753c503e9db59b026e50b1faaf6e84fd3f95d8a01a1c5f344f5fc665114985461a11473e9c6ba0207d43006b0

    • SSDEEP

      12288:rkUt3DgJa1FnigQm6iXhcMZqgj+2VtPDZYONSaBBq:rkUdigPWMEgttPilaBB

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe

    • Size

      1.4MB

    • MD5

      fd9c7d6f558d0afccd202e41430495a7

    • SHA1

      1030d9b996f71ce204858f5ce08ea3bf30dfc642

    • SHA256

      4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361

    • SHA512

      2b2e7cad8370eafc4dfbf39f30680f5f2342858ff89299e57bb9826c5281fccbfb56f5816c0e8ffd9ecad0bba977e293cd2e302b1ed894173639569740a96c66

    • SSDEEP

      12288:f81BydfZOHIdWc02tHIFxqwxwqk8OeHxZProNiXhfQv7RJ2FuidognS2IingF6kd:cafZMmWc00HWXoKctJfQ8bFF1

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      64b9d76ec0d30f2875691f8b230e5caf8cddfa50ba1a763d59680473b2be0a52.exe

    • Size

      1.4MB

    • MD5

      29338021e3c2ab4cbc053c959317eb95

    • SHA1

      a902a5a1e91712befcb1757829c2f8ba1516aae4

    • SHA256

      64b9d76ec0d30f2875691f8b230e5caf8cddfa50ba1a763d59680473b2be0a52

    • SHA512

      858f0572c730000f4f1b35f9ff9d5f1d5362fe5906420cf1ddff08093e5888838d550013e5334d1047faed3ec2cff7d519628ab880b3581a34018a642c9cfbc6

    • SSDEEP

      12288:VtvjAl4blss8+o4BIHAiKw7d4C+TSD0fzlj7iXhASBijMoryJKnS2IingFdYxYee:zvjAl2lss82GIfzljHSIYG8bFL

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

    • Size

      2.1MB

    • MD5

      fbb17233217f4c478c9ce3907e8dfef2

    • SHA1

      365df15b6950f5f1749cec380ed5bba8c6c227db

    • SHA256

      79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee

    • SHA512

      c5c0d10e38b8e0f8615e2bc024ce862943c71a6ccfa839d64bdf2aafc6b950d7b22e7c4fbe1e55baf97c806b05a278da78d4ebb1fd9d14566bbf05dd92ca13a4

    • SSDEEP

      24576:B/qEChjzz3F8mvKhx68xjf73b3KteFUp9HHJOApt5Xkoe/T31XQn:IECBzzGmMb6IS9JRHXkoeLlgn

    Score
    7/10
    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Target

      c984a9446b24e7a75a7b034c5074e483fce1cace1591119c1a462d0cb2d509d3.exe

    • Size

      1.4MB

    • MD5

      8067edb9924b716bced6e360c04db039

    • SHA1

      1ca8125a7c53eef1a31b99115e636352d24a117c

    • SHA256

      c984a9446b24e7a75a7b034c5074e483fce1cace1591119c1a462d0cb2d509d3

    • SHA512

      714890014c3619f5bd2d14561600a63c48a554adcf23953ffbee25cae0d35d25b439b75176b8b26521f8143e8342d16e31d02ed7f9192848c26b09a935a4d58c

    • SSDEEP

      12288:GtvjAl4blss8+o4BIHAiKw7d4C+TSD0fzlj7iXhASBijMoryJKnS2IingFd0xYee:avjAl2lss82GIfzljHSIYG8bFT

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67.exe

    • Size

      6.3MB

    • MD5

      e2702d7772965f4aea5d7a01d027f481

    • SHA1

      c5a7518605e64882fc54d47e1234466ab33bab5b

    • SHA256

      d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67

    • SHA512

      95a5263364718ec88d7deebb76ebe4342e6cb86838e8b4217a135925f588792bb8ca25f5e17237abd61b171f671c80fa0a8c185c44f1972de274c41aeee5eec6

    • SSDEEP

      196608:f8n+RHarkpO1zCypLpJfsdrJTeEbPt1m3wQ+l:ET31zdRpJUdJTZDt1m2

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Target

      dff2cf279301edf6166a5f144b93922f245bbfe58030e0633497f4271f6a763f.exe

    • Size

      2.0MB

    • MD5

      9bd3537fdb009ed4049bf505f28c000c

    • SHA1

      a73737a5ac8b16ebe0fc1037bfdcfe22812e724f

    • SHA256

      dff2cf279301edf6166a5f144b93922f245bbfe58030e0633497f4271f6a763f

    • SHA512

      f54959938255df2db61361a4cd552b48dc11710ec91305c74469363c7d6287a736a0162bb7750afa6b4b712b417d0fd19c8e2c4bf9e7674a3f46b46e5c5b9386

    • SSDEEP

      49152:rqg07TdlgvDugLv10D1Xt+sv2m8nFJAh+lParE:ilgIt+sv2mJ0CI

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      e5420803485f33ca53c3314eb2a77370bf936083e5d32e1e0a53427731aed418.exe

    • Size

      1.9MB

    • MD5

      5180aed5b965547e91efa008b717f60e

    • SHA1

      54880ff5d78461ce44c360eac1d6b78324f2d9ac

    • SHA256

      e5420803485f33ca53c3314eb2a77370bf936083e5d32e1e0a53427731aed418

    • SHA512

      7ff238fe96ee8d6261a7b2c966695b1beed388b8c5d015e4b3398c6ac25542b6a999814034076f7091b6e64db6f63e07b27d119a128599b3704d21654d254623

    • SSDEEP

      49152:sD570Xqsslj++UXO26hSrtML/eYxkkdLqVK5zBO6LvVV1WWhxU9BJ:s0Xqssl1UXOnSrtML/eYxkkdLqUxZV3I

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      f96c9a248732ef1465a9bf5d838c3ff5b47c0330dbc05be28611fc1c7461f9e6.exe

    • Size

      1.4MB

    • MD5

      6a18ac5e750f3e17501fa3021972ead1

    • SHA1

      7d5772f7caf17b5de57411f9c1d75e1135447b74

    • SHA256

      f96c9a248732ef1465a9bf5d838c3ff5b47c0330dbc05be28611fc1c7461f9e6

    • SHA512

      d3e1af011cc435003f4b1e1abca896a6eb2a1e9f4ce2019132b6559a570fc439ab4ac29f76cffb2dc432b4f863ca0d1bf5fde4ab4a8381c93c6ddaa18f134134

    • SSDEEP

      12288:etvjAl4blss8+o4BIHAiKw7d4C+TSD0fzlj7iXhASBijMoryJKnS2IingFdYxYeU:SvjAl2lss82GIfzljHSIYG8bFLv

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Target

      fe2da521d1ffb45f669a038f6c729378978c3c144e4008bdcd70cf4edc2c1bff.exe

    • Size

      1.4MB

    • MD5

      c641c7d9ca216af957bc8c752583e27d

    • SHA1

      30b0af43a995d8209e2eee2942b87f27e2175270

    • SHA256

      fe2da521d1ffb45f669a038f6c729378978c3c144e4008bdcd70cf4edc2c1bff

    • SHA512

      5b6bb756e16440ec4a0635d245017b1e871e36074cb8719dbe49b2ef75bdaaa418525223ebba69b8d206ca2b60c4780b57d57ad01ff12b4cd48f69ac8ae6887a

    • SSDEEP

      12288:XuW70T6Q6VyNflqsrlEqOk/ZqOsIiXhn1IE9OnKxA2nS2IingF3u2:XuW78rcyNSOs/139p8bFj

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Command and Control

Web Service

1
T1102

Tasks

static1

pyinstaller
Score
3/10

behavioral1

cobaltstrike 391144938 backdoor trojan
Score
10/10

behavioral2

cobaltstrike 391144938 backdoor trojan
Score
10/10

behavioral3

asyncrat default rat
Score
10/10

behavioral4

Score
1/10

behavioral5

asyncrat default rat
Score
10/10

behavioral6

Score
1/10

behavioral7

asyncrat default rat
Score
10/10

behavioral8

Score
3/10

behavioral9

Score
7/10

behavioral10

Score
7/10

behavioral11

asyncrat default rat
Score
10/10

behavioral12

Score
3/10

behavioral13

cobaltstrike 1359593325 backdoor trojan
Score
10/10

behavioral14

cobaltstrike 1359593325 backdoor trojan
Score
10/10

behavioral15

asyncrat default rat
Score
10/10

behavioral16

Score
1/10

behavioral17

gh0strat rat
Score
10/10

behavioral18

gh0strat rat
Score
10/10

behavioral19

asyncrat default rat
Score
10/10

behavioral20

Score
3/10

behavioral21

asyncrat default rat
Score
10/10

behavioral22

Score
1/10