Overview

overview

10

Static

static

1

K7AVWScn.dll

windows7-x64

5

K7AVWScn.dll

windows10-1703-x64

5

K7AVWScn.dll

windows10-2004-x64

5

K7AVWScn.dll

windows11-21h2-x64

5

K7AVWScn.exe

windows7-x64

10

K7AVWScn.exe

windows10-1703-x64

10

K7AVWScn.exe

windows10-2004-x64

10

K7AVWScn.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mumayangben.zip

  • Size

    14.1MB

  • Sample

    240226-p8t5nsee7x

  • MD5

    57e46521ad96557b1870c717281e8105

  • SHA1

    ea0bcc620fbed24f5cde218b072869b227710468

  • SHA256

    40103845914595c6530057b509cecacb96e8666e722f244e82270e3996572317

  • SHA512

    f832b9339e69d6efe849e044826334e0d760ad0657d359171944f8970271e80cd3cc2092c24da31b218d6a5482e4809a8f5c79f33d88bce4004cd986c3b39311

  • SSDEEP

    393216:RzUOXauAVREyDYOZ3/cP1C2eWvR6i6RWrR:dUQCRoCcP0/WgRWrR

Score
10/10
asyncrattestrat

Malware Config

Extracted

Family

asyncrat

Version

GodRat 1.0.0

Botnet

test

C2

128.199.66.119:56789

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      K7AVWScn.dll

    • Size

      14.5MB

    • MD5

      d0a5b2f6708dde433d7ffdbc7d0702e2

    • SHA1

      221b6e07630155d2129e20a999e0fe58992c388f

    • SHA256

      87404415bc0323889006ec9ad2f9eb13bcc72d8a6badb588c00907d6da6fe5e9

    • SHA512

      e5712e92d0b7a5f0e9d66e2a39e0dbe21146ca195e995a8244dbe59a023959cb1eac6ef3a662361fce3d9d2c524b3108713a42e6b75b2f184f4329c6506f8f6e

    • SSDEEP

      196608:kGaeLHqMwXI5GC/eBjHSvmzJkYEmUkWFclk6fmqJ0pQhXLqAzop2hteZdZzYbi4:kGae4CUH0tJmULqJ1hptefdYO4

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3behavioral4

    • Target

      K7AVWScn.exe

    • Size

      55KB

    • MD5

      cbfeb134d0c76e8d53076e0e20e09559

    • SHA1

      db1591c6e23160a94f6312ca46da2d0bb243322c

    • SHA256

      dd5a6c162eff8103f6e06149faf1287feeb6dbbbb9bbca031145767fd69ce500

    • SHA512

      52c6f6fc9d63ddd05f78ccbdd150e296287409db42346c3932554f4a2e091d98bface4510386460133e89725ba2a0bf937e40bb18ce7d1c40ca7e3ef124b304a

    • SSDEEP

      768:+RGLsd/7CSG4nIYzIyHCwTW6AwykxpGG+xG5CFcn7NMT:+Qo1GT+BW6AavWY5ucn7Nc

    Score
    10/10
    asyncrattestrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Matrix

Tasks