Overview

overview

10

Static

static

3

suichu/44e...f6.exe

windows7-x64

10

suichu/44e...f6.exe

windows10-2004-x64

3

suichu/a9b...4e.exe

windows7-x64

10

suichu/a9b...4e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    suichu.rar

  • Size

    757KB

  • Sample

    230702-jckngacb2v

  • MD5

    3d5391bb3edd51b47d32110d610e299a

  • SHA1

    5f83b6126d9f8b0b5d762847fae04e23996de52a

  • SHA256

    f2b99a53f9544d6b4125881456560a96df20f8a087a9d5e3cc9cf52d7ad8cd18

  • SHA512

    22ca2efc3122987ca55567e704f05adb80ae61a579e8e986ce0f37b7d89e897f828e5c2fbeb076d3a99ac3b77c708a7d3a9e2a6fc1140be61762f72ce915d165

  • SSDEEP

    12288:zi4XBPxr298Wpbswq4lBCRW+EQdTu7d8yicgP2yca3KcpvvQsAbKbnWwe2Y4:zrBPxr298WrlBurCd8y3gOYaiQsQKbNx

Score
10/10
asyncratcobaltstrike1359593325defaultbackdoorrattrojan

Malware Config

Extracted

Family

asyncrat

Version

0.0.1

Botnet

Default

C2

7593352b2g.imdo.co:28870

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

cobaltstrike

C2

http://service-0hf6dzvz-1317000763.sh.apigw.tencentcs.com:80/bootstrap-2.min.js

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://service-0hf6dzvz-1317000763.sh.apigw.tencentcs.com:80/api/x

Attributes
  • access_type

    512

  • host

    service-0hf6dzvz-1317000763.sh.apigw.tencentcs.com,/api/x

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    3000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgwZtr5WmRWGqXa6bxdqQDUmj+XU+vA4zK2b7Nfzq4qy143458ufxXidOMjoSLVP3BqyJgWamd0KYY7Yt3bDmFbWashi7f+OYdWpDNixd5AvcGOOzQhShEZ/0Uz8CG/gc99swyssnxs0YBg9Hka4Wh0ufxO89KSApuLegLE5i1/QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/y

  • user_agent

    Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

  • watermark

    1359593325

Targets

    • Target

      suichu/44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6.exe

    • Size

      4.3MB

    • MD5

      f81b49472a5eb58b5d9efef3bc5a897f

    • SHA1

      ad6161289a08b1eb0679b2de19a634582409d70c

    • SHA256

      44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6

    • SHA512

      85ec70726db6ce19e10ccd008987644121a07d0705f327a8b7263a83e38be4be5cc48eec8def5431ebfa058b8eb37da8588e5b434cb337440430607a1721d8eb

    • SSDEEP

      49152:j8XpZsms5gh/wUseMUk5Wm2umlefxRs+8QFbjMWrfdmx9ZTAp:b5gh/wz/h8aXfdmx9ZTAp

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat
    behavioral1behavioral2

    • Target

      suichu/a9b9b041c15253ca700295888896273fd78fb7ec1b5ac84d5e984b9615c9dc4e.exe

    • Size

      162KB

    • MD5

      9114eac4eb34599997e5fa59bf64f1ef

    • SHA1

      a923c30e4b3ea331185eb727bf5e39115dae0f11

    • SHA256

      a9b9b041c15253ca700295888896273fd78fb7ec1b5ac84d5e984b9615c9dc4e

    • SHA512

      324e0175ab4e5e44a3836ff1527b48f4859474ffdb9a09d600b670d11ece59cf26ffa903b5a987274fc5dd15f56caa142f124f3477d7b5688685a44d423d748b

    • SSDEEP

      3072:g2NEk99HV9xgMFHgFFuqduAM8TqPYwrP2:gUR9xFOMTYkP

    Score
    10/10
    cobaltstrike1359593325backdoortrojan
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks