Overview

overview

10

Static

static

10

ekeng-mta.exe

windows7-x64

1

ekeng-mta.exe

windows10-2004-x64

10

mta.dll

windows7-x64

1

mta.dll

windows10-2004-x64

1

mta.ps1

windows7-x64

10

mta.ps1

windows10-2004-x64

10

Resubmissions

23-09-2023 06:54

230923-hpl7dsdf3x 10

22-09-2023 05:10

230922-ftprzafc57 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    APT malware.zip

  • Size

    1.7MB

  • Sample

    230922-ftprzafc57

  • MD5

    e592b6b828fb175e0b00840e7d79a3b8

  • SHA1

    48ad32246f2fea1888e8a084258607f5a9988a24

  • SHA256

    6d1374bb816d1e54b4cffae41830837e0c83985156a4b33f5dbce644bdb61de9

  • SHA512

    47083251696dcf0a5b5a489a9e000c3c2c8a1d110905b4460a6862f3669db3927fec90543c93d030b22b406efb7db0dc3344e85d6c478d649e1e4afba96061f3

  • SSDEEP

    49152:kboYzEp67lBFpmR35Qap7+FmUMhQlSfqUT6mz6z6:kbjz267lpSQap7tUmqSfLLz6z6

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://139.84.231.199:8080/get/CF6frm57nj/mta.dll

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:31507

Mutex

ajmlxbvgoegjpkevdnz

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ekeng-mta.exe

    • Size

      3.5MB

    • MD5

      cbbad2e2170ee73c2bfdacdade718d29

    • SHA1

      dcab4fafa0387c0b4f5b700763cea78afb092024

    • SHA256

      3a679cb98f88d7d6bd84dcfe9717238c08c05942055bdb798103224e7f2f2ca9

    • SHA512

      a4133f07ad8de23c82e164ee2bee32704efaf119cd4f1142145fca8688094b485317722db030e70fadeb8237a20dbded71f9340cafad8cdd982a1011da6fccca

    • SSDEEP

      98304:R/YJIkkCBJroBdDv6Lj9uGQdT7Nx2Yn686n:R/0

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      mta.dll

    • Size

      734KB

    • MD5

      e1d068a143a5f2aaa98f231dfcfb0e72

    • SHA1

      f5145ec20482b39b727e980169da92e36d4c5a6e

    • SHA256

      7862632e456cc07a91d22aacd67333298369a502fb60c45c882fd62f6e9f5907

    • SHA512

      6f1642c244d9e89ad7696004f67e0bb32eac0277454e18f4da19299c184bcc991aaa504c4f5b1c75ce80bfda3b695deca6027c3d135c3e1ad71e684ea8a27a11

    • SSDEEP

      12288:mJpJ1Th7wGcxynJX05ZBnoKLiqjBHAaAtqNjhDtqNjhK:IpZqsgeVa2qNnqNo

    Score
    1/10
    behavioral3behavioral4

    • Target

      mta.ps1

    • Size

      743B

    • MD5

      d4567ca45aded54298f9ccf063ed89cf

    • SHA1

      72ef210030f0f470433a6aacc66dfbe4cbfdad5c

    • SHA256

      60416198c9b2105c9204638fd00e154e2f5c32ba45f5a8ae2671bae565c062e9

    • SHA512

      e616e9711a76525a30063b226c1c11131c30199a5cdb6389b6867e8a626d49abfa43c549f83f068fe7dfbe99c62c124ff838e318807ad65e8cd5db318088331e

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks