General

  • Target

    fed-ethereal.exe

  • Size

    46.1MB

  • Sample

    231105-matp5sec31

  • MD5

    2e85525347ca88fd99f5915c07106873

  • SHA1

    951808febe174bb345e61622d0e890a86c36a3a6

  • SHA256

    1b3cabb09aa612118c9f13c63c39fb8281991c5a802d0815f3f36655c1b5bdae

  • SHA512

    1fac6d91f2d8b31af25abd90479d94974a0c561054e56d3ea27c69fe02b02187479e583c1d5e4b55b2fbb88f95b8f079673625303f6dedc63b3f247256e2336a

  • SSDEEP

    786432:57r3dPKRJvrHiRyc0eacOHzeMKVxzx5c6OHzeMKVxzx5cU5FpYQiln3p:5FQJvrHLc0eacOHzDCd5c6OHzDCd5cUM

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    def

  • C2

    37.18.62.18:8060

  • Mutex

    era2312swe12-1213rsgdkms23

  • Attributes

    • delay

      1

    • install

      true

    • install_file

      CCXProcess.exe

    • install_folder

      %Temp%

  • aes.plain

Targets

    • Target

      fed-ethereal.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    System Information Discovery, T1082 (1)

  • Command and Control

    Web Service, T1102 (1)

Tasks