Overview

overview

10

Static

static

3

68760aba1c...86.exe

windows7-x64

10

68760aba1c...86.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    68760aba1c96bfb5e6e3e154c1a5a586

  • Size

    139KB

  • Sample

    231226-mt7q4sheg5

  • MD5

    68760aba1c96bfb5e6e3e154c1a5a586

  • SHA1

    51fc76291fecaad49d2a5d68e719ce4887fc2648

  • SHA256

    a0faaf623b7b60d42007ef59114eb5cc13c5863b3630a5fb103097d142f5e2e7

  • SHA512

    039064d0831a9a39673fd4ad9a0491bd6bb8bcd269b034e06152afd86877fc22b0945b33d5aee196efbea88d1370b7762bb02899410af392875841eefb5bc11a

  • SSDEEP

    3072:oB1DKOupYkHBbPPLQ2/TrIHpncLA6mJK38vmJ:g30YkhbLQ2bpA6mJK3C

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:4404

127.0.0.1:15184

6.tcp.ngrok.io:6606

6.tcp.ngrok.io:7707

6.tcp.ngrok.io:8808

6.tcp.ngrok.io:4404

6.tcp.ngrok.io:15184
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      68760aba1c96bfb5e6e3e154c1a5a586

    • Size

      139KB

    • MD5

      68760aba1c96bfb5e6e3e154c1a5a586

    • SHA1

      51fc76291fecaad49d2a5d68e719ce4887fc2648

    • SHA256

      a0faaf623b7b60d42007ef59114eb5cc13c5863b3630a5fb103097d142f5e2e7

    • SHA512

      039064d0831a9a39673fd4ad9a0491bd6bb8bcd269b034e06152afd86877fc22b0945b33d5aee196efbea88d1370b7762bb02899410af392875841eefb5bc11a

    • SSDEEP

      3072:oB1DKOupYkHBbPPLQ2/TrIHpncLA6mJK38vmJ:g30YkhbLQ2bpA6mJK3C

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks