General

  • Target

    d44f9911b438f812a22493e2012228fe97c69c36a0ea0a356fc22019076ba6e9.exe

  • Size

    358KB

  • Sample

    240307-qext5sch3x

  • MD5

    25416a3fffe4dc230bb33a3be149ce31

  • SHA1

    5318c25cfda7999272801e7ab35b53969571680b

  • SHA256

    d44f9911b438f812a22493e2012228fe97c69c36a0ea0a356fc22019076ba6e9

  • SHA512

    43d14550dbae3c56a4e7ead60e27a183a73df38bd973c4ff9025b6aff4585fa145d51e8b8206c27d7dc30d93723c9024d4dcf9004f684e9936e1419060817f31

  • SSDEEP

    6144:cWRCArCss08DHPKACuohwI66inyV3BABVGL4YpqDMQyKlfwZ:tRPdsBC7u2wI66inMu+jpWMbKG

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

NNa

C2

buike.kozow.com:6606

buike.kozow.com:7707

buike.kozow.com:8808

Mutex

AsyncMut9348u95iuj3485u843u584iji34hr79duyh 9u324hiur934uiruu98

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      d44f9911b438f812a22493e2012228fe97c69c36a0ea0a356fc22019076ba6e9.exe

    • Size

      358KB

    • MD5

      25416a3fffe4dc230bb33a3be149ce31

    • SHA1

      5318c25cfda7999272801e7ab35b53969571680b

    • SHA256

      d44f9911b438f812a22493e2012228fe97c69c36a0ea0a356fc22019076ba6e9

    • SHA512

      43d14550dbae3c56a4e7ead60e27a183a73df38bd973c4ff9025b6aff4585fa145d51e8b8206c27d7dc30d93723c9024d4dcf9004f684e9936e1419060817f31

    • SSDEEP

      6144:cWRCArCss08DHPKACuohwI66inyV3BABVGL4YpqDMQyKlfwZ:tRPdsBC7u2wI66inMu+jpWMbKG

    • AsyncRat

      AsyncRAT is an open-source remote access tool written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
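One way to turn this report's extracted config and behaviour signatures into a hunt over endpoint telemetry, as an added example that is not part of the Triage report or of the AsyncRAT project. The indicator values (C2 host and ports, mutex, SHA256) are copied from the report; the events are matched as Sysmon-style dicts (EventID 1 process creation, 3 network connection, 13 registry value set, 22 DNS query). Sysmon logs neither mutex creation nor SetThreadContext, so the mutex check assumes a hypothetical EDR record with a MutexName field and the SetThreadContext signature is not covered. The Run key check is kept generic and marked low confidence rather than keyed to %AppData%, because the extracted config has install set to false and the report does not show the path the observed Run key pointed to. The SAMPLE_EVENTS records are constructed for the example and are not sandbox output.

```python
"""Match the AsyncRAT indicators from this report against Sysmon-style events.

Added example, not part of the Triage report. Indicator values are copied
from the report; the records in SAMPLE_EVENTS are constructed for the
example and are not sandbox output. Field names follow Sysmon's schema.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report above.
C2_HOST = "buike.kozow.com"
C2_PORTS = {6606, 7707, 8808}          # the three configured C2 ports
MUTEX = "AsyncMut9348u95iuj3485u843u584iji34hr79duyh 9u324hiur934uiruu98"
SHA256 = "d44f9911b438f812a22493e2012228fe97c69c36a0ea0a356fc22019076ba6e9"
# Matches HKCU/HKLM ...\CurrentVersion\Run\<value> (Sysmon EventID 13 TargetObject),
# but not RunOnce/RunOnceEx.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    rule: str
    confidence: str   # "high" = report-specific IOC, "low" = generic heuristic
    detail: str


def _sha256_from_hashes(hashes: str) -> str:
    """Pull the SHA256 out of Sysmon's 'MD5=...,SHA256=...,IMPHASH=...' field."""
    for part in hashes.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def check_event(ev: dict) -> list[Hit]:
    """Return every indicator match for one event. Unknown event types yield []."""
    hits: list[Hit] = []
    eid = ev.get("EventID")

    if eid == 1:  # process creation: known sample hash
        if _sha256_from_hashes(ev.get("Hashes", "")) == SHA256:
            hits.append(Hit("asyncrat_known_sample", "high", ev.get("Image", "")))

    elif eid == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        port = int(ev.get("DestinationPort", 0))
        if host == C2_HOST:
            hits.append(Hit("asyncrat_c2_connect", "high", f"{host}:{port}"))
        elif port in C2_PORTS:
            # Port alone is only a hint: 6606/7707/8808 are AsyncRAT's default
            # port set, but other software uses them too, so flag at low confidence.
            hits.append(Hit("asyncrat_default_port", "low",
                            f"{ev.get('DestinationIp', '?')}:{port}"))

    elif eid == 13:  # registry value set: the "Adds Run key" signature
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(Hit("run_key_persistence", "low",
                            f"{target} <- {ev.get('Details', '')}"))

    elif eid == 22:  # DNS query for the C2 hostname (trailing dot tolerated)
        if ev.get("QueryName", "").lower().rstrip(".") == C2_HOST:
            hits.append(Hit("asyncrat_c2_dns", "high", ev["QueryName"]))

    # Sysmon does not log mutex creation; this assumes an EDR/sandbox record
    # carrying a "MutexName" field (hypothetical schema, not Sysmon).
    # The report's mutex contains a space, so compare the whole string exactly.
    if ev.get("MutexName") == MUTEX:
        hits.append(Hit("asyncrat_mutex", "high", MUTEX))

    return hits


def hunt(events: list[dict]) -> list[Hit]:
    """Run every event through check_event and return all hits in event order."""
    return [h for ev in events for h in check_event(ev)]


# Constructed events for the example (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "Hashes": "MD5=25416A3FFFE4DC230BB33A3BE149CE31,SHA256=" + SHA256.upper()},
    {"EventID": 22, "QueryName": "buike.kozow.com."},
    {"EventID": 3, "DestinationHostname": "buike.kozow.com",
     "DestinationIp": "203.0.113.10", "DestinationPort": "7707"},
    {"EventID": 3, "DestinationHostname": "update.example.net",
     "DestinationIp": "198.51.100.5", "DestinationPort": "443"},
    {"EventID": 3, "DestinationHostname": "", "DestinationIp": "192.0.2.7",
     "DestinationPort": "6606"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Setup",
     "Details": "1"},
    {"EventID": 4242, "MutexName": MUTEX},   # hypothetical EDR mutex record
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"[{hit.confidence:4}] {hit.rule:24} {hit.detail}")
```

Hostname and mutex matches are treated as high confidence because they are specific to this sample's configuration; the port-only and Run key rules are heuristics that will also fire on benign software and are meant to be correlated with the high-confidence hits rather than alerted on alone.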

MITRE ATT&CK Enterprise v15

Tasks