General

  • Target

    64c8b53c2b7cb8cc04c4fff14ad3c4eab13bedeedc466528b87be3915ec38695.zip

  • Size

    447KB

  • Sample

    240122-chal5aeacq

  • MD5

    a0d9119386f39f455af1d077a9294bc4

  • SHA1

    be5bd6bf38819fe242195e6d05ca1651261a1094

  • SHA256

    448db672abd0c8ad8bd5297e8b894a69d84707b786275604186f55f5ad4fdc2e

  • SHA512

    7a1e282160018139952f0e846075e0188089099f3c58b419455dc582d44eb7211f37d65cdd57fe4d6a2ea6abb99db4e73470a5f26299c1cdc3f51c2e6cf9b5bc

  • SSDEEP

    6144:YDcAWy9vw22N9Ec0YArJa/oF5Eiky2UCsFe8CQcC6seJFhYj4V2EywJ5dzk0+p7w:YMyqlN4YbyFafB+eFhYj0PzJvQ0+aso

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

FUD

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:3173

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    WindowsSt.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      64c8b53c2b7cb8cc04c4fff14ad3c4eab13bedeedc466528b87be3915ec38695

    • Size

      802KB

    • MD5

      1a607481e5eac2a788c0f3c7de46c6ff

    • SHA1

      02e0333cf5f0bc03652a0d1a09191356991430ec

    • SHA256

      64c8b53c2b7cb8cc04c4fff14ad3c4eab13bedeedc466528b87be3915ec38695

    • SHA512

      e8a1ac210c9461baa497280249ba37b6f2219b85fcbe3e8e99a2bf2464820ae88251da32b3e0c36d2d8b2b496140ed2a8490fab97b274ef0fd324a1834ac9377

    • SSDEEP

      12288:/hSFCbmY7Y+r9sv/WjW2BxXp2HLISv8OD1p:Z44Yc9qR2BZCLISkK1p

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053)

    1

Persistence

  • Scheduled Task/Job (T1053)

    1

Privilege Escalation

  • Scheduled Task/Job (T1053)

    1

Discovery

  • Query Registry (T1012)

    2

  • System Information Discovery (T1082)

    2

Tasks