General

  • Target

    00178324ac554e6e82c85a75dcb5ecd1.bin

  • Size

    81KB

  • Sample

    230830-bcmttsgh78

  • MD5

    356cf5ebc7bbdf0d2160337b27145400

  • SHA1

    7e6daa245b891f446d00a53a73880d229d9f9635

  • SHA256

    33662b678b26b66b299bd29ae55123674b8cdba03320b421812a30c0761cba47

  • SHA512

    7667489fe0c9621182a086616dde7e8f35593287f884b02e62ca9d72ac3f1c6897fbdd8763fb39038bfe3d9491d42a43d1abc24079463c6355f21f84a16bd9e3

  • SSDEEP

    1536:YzzEssOckzfozieGK+NhBVlhaTLuJVGXwjzXSv/rpClXzRe8ZhXEdiOdfoB:mouQxKhBrhhVoH1qXM8Z2iIc

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

RYNABSUK

C2

95.173.247.110:8810

Mutex

RYNABSUK

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      9050f1b2fe9de1303a608ad5329db45d101ff616009add295d67e162ab4d8dfc.exe

    • Size

      105KB

    • MD5

      00178324ac554e6e82c85a75dcb5ecd1

    • SHA1

      80e0d833b4ac41eec676194bd80ec0f55d5bc526

    • SHA256

      9050f1b2fe9de1303a608ad5329db45d101ff616009add295d67e162ab4d8dfc

    • SHA512

      6df2df209441cc234c0da69c7853908914a3add3bc270b4ebfd3626f40f4c8cdfac8e44d9d6537f28785c268a1bd71f80a6fdcda231174c5cac827feaa809675

    • SSDEEP

      1536:egVaNakN+AcOvfpKUmrFZlqgdpZ+rwVINbvlC9bgKXRK9f2kt:egValNvcspmr7lqWZ1Ixk9bgKXRK9fl

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
