General

  • Target: AppMon.ps1.zip
  • Size: 54KB
  • Sample: 240209-q67tesdd82
  • MD5: 0ba747202d4ad68217dde858eac8709d
  • SHA1: 81cee61ef7c137f4eba1b40f0834539c8901b6d4
  • SHA256: 689320b7a3471e8cdcc48d1699df6a67eae5dcaaffc4fba94818d9c39508fc6c
  • SHA512: 95465de2aaa5b819936a6796f87dae86c9defe932ddca03b1f55733cfe7b7de2404a4de774c68ccf5e541762b9887359838c146668229e0b09fcbb69e66e035a
  • SSDEEP: 768:IVYjCUBzw4C2PQeF1aaVStJ989dwDE+ezpjx7341ZINNazq9VKbxHx/XvhF4SJkN:I4CUBzhxjaISAWErz0UEq9VKbP/XJSd

Score: 10/10

Malware Config

Extracted

Family: asyncrat

Version: 0.5.7B

Botnet: HELLO

C2: 1bxb.ddns.net:6606

Mutex: AsyncMutex_6SI8OkPnk

Attributes
  • delay: 3
  • install: false
  • install_folder: %AppData%

aes.plain

Targets

    • Target: d4c2b9ff71e2d9d82b50442635aea83a06be56246682081d55fb75fbacc4b42d
    • Size: 230KB
    • MD5: 1cc06c253cffbb7cca4b066fa4640147
    • SHA1: f2ac448adbf8a34a7c1f4b2d768a0c75b2cc5723
    • SHA256: d4c2b9ff71e2d9d82b50442635aea83a06be56246682081d55fb75fbacc4b42d
    • SHA512: 5e3c07d3e2fc6766b174f54aac51db7995ae79e974baa7dbd7ead0865cc2edd195846e46e5faa6b645bd9e700037a45c0de7b07e98e8c61e61e60df71808b814
    • SSDEEP: 1536:jzMF8xkx7xlxYqrTgBTVvXSIIXUXdXXsXJXHoMJdzhLzrKazP919aeFtIwVs/KrU:UmatnZoBpfeV1fN1tzgD

    Score: 10/10

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks