General

  • Target

    a5565d3428290bfc6c4a9bcca68c15ea.exe

  • Size

    937KB

  • Sample

    240522-x591qadf4w

  • MD5

    a5565d3428290bfc6c4a9bcca68c15ea

  • SHA1

    28797c12ca5450fc854f773fb0c42414c0229fa8

  • SHA256

    894a90bbfcbd16442d3b117f6b391c1f22b72d1aebafd0ff51a60df08b1e434d

  • SHA512

    699f9c7266fc24b78bd44d026f7c4c98e613cde7b5d32efefa65dec1706ffac4f266b712760891cb45bcf6fae96880e9ce9b3246056778e78d682e32b333d7e4

  • SSDEEP

    24576:uboifHo7t2xklCohhwbfIWyQZD/Og34dK:ubxfel3hyf1

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

neq

C2

goodone.loseyourip.com:6606

goodone.loseyourip.com:7707

goodone.loseyourip.com:8808

Mutex

AsyncMutex_adnocxxs

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
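The extracted configuration above gives three indicator types worth hunting for: the C2 hostname and its port list, the sample's file hash, and the mutex name. The following Python is an added example written for this page, not sandbox output or code from the AsyncRAT project; it applies those indicators to a constructed, key=value Sysmon-style log (event ids 22, 3 and 1 standing for DNS query, network connection and process create), correlating connections against the IP that the C2 hostname resolved to rather than hardcoding an address. The log lines, field names and paths are invented for illustration.

```python
import re

# Indicators taken from the configuration extracted above.
C2_HOST = "goodone.loseyourip.com"
C2_PORTS = {6606, 7707, 8808}   # also the default port list in the open-source AsyncRAT builder
MUTEX = "AsyncMutex_adnocxxs"
MUTEX_PREFIX = "AsyncMutex_"    # prefix the builder puts on generated mutex names
SHA256 = "894a90bbfcbd16442d3b117f6b391c1f22b72d1aebafd0ff51a60df08b1e434d"

# Constructed Sysmon-style events in a hypothetical key=value layout (not real sandbox output):
# id=22 DNS query, id=3 network connection, id=1 process create with file hash.
SAMPLE_LOG = r"""
id=22 image="C:\Users\bob\AppData\Local\Temp\update.exe" query=goodone.loseyourip.com result=203.0.113.5
id=3 image="C:\Users\bob\AppData\Local\Temp\update.exe" dst=203.0.113.5 dport=6606
id=3 image="C:\Program Files\Mozilla Firefox\firefox.exe" dst=198.51.100.9 dport=443
id=3 image="C:\Users\bob\AppData\Local\Temp\update.exe" dst=203.0.113.5 dport=8808
id=1 image="C:\Users\bob\AppData\Local\Temp\update.exe" sha256=894a90bbfcbd16442d3b117f6b391c1f22b72d1aebafd0ff51a60df08b1e434d
id=3 image="C:\Windows\System32\svchost.exe" dst=203.0.113.5 dport=7707
id=3 image="C:\Windows\System32\svchost.exe" dst=192.0.2.77 dport=7707
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Split one key=value line into a dict, dropping quotes around values."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def scan(log_text):
    """Return (line_no, kind, detail) for every event that matches an indicator.

    kinds: 'hash'  file hash of the sample
           'dns'   query for the C2 hostname
           'c2'    connection on a C2 port to an IP the C2 hostname resolved to
           'port'  connection on an AsyncRAT default port only (weak, needs review)
    """
    hits = []
    resolved = set()   # IPs the C2 hostname resolved to, learned from earlier DNS events
    for line_no, line in enumerate(log_text.strip().splitlines(), 1):
        ev = parse_event(line)
        eid = ev.get("id")
        if eid == "22" and ev.get("query", "").lower().rstrip(".") == C2_HOST:
            resolved.add(ev.get("result"))
            hits.append((line_no, "dns", f"{ev['image']} resolved {C2_HOST} -> {ev.get('result')}"))
        elif eid == "3":
            port = int(ev.get("dport", "0"))
            if port in C2_PORTS:
                kind = "c2" if ev.get("dst") in resolved else "port"
                hits.append((line_no, kind, f"{ev['image']} -> {ev['dst']}:{port}"))
        elif eid == "1" and ev.get("sha256", "").lower() == SHA256:
            hits.append((line_no, "hash", ev["image"]))
    return hits


def classify_mutex(name):
    """'exact' for this sample's mutex, 'family' for the builder's AsyncMutex_ prefix, else None."""
    if name == MUTEX:
        return "exact"
    if name.startswith(MUTEX_PREFIX):
        return "family"
    return None


if __name__ == "__main__":
    for line_no, kind, detail in scan(SAMPLE_LOG):
        print(f"line {line_no}: [{kind}] {detail}")
```

Two caveats when using these indicators: 6606/7707/8808 are the AsyncRAT builder's default ports, so a port-only hit ('port' above) identifies the family at best and needs the DNS or hash correlation before it is treated as this campaign; and because install is false in this config, the client is not asked to copy itself into install_folder, so %AppData% is recorded here but is not by itself a path to hunt for.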

Targets

    • Target

      a5565d3428290bfc6c4a9bcca68c15ea.exe

    • Size

      937KB

    • MD5

      a5565d3428290bfc6c4a9bcca68c15ea

    • SHA1

      28797c12ca5450fc854f773fb0c42414c0229fa8

    • SHA256

      894a90bbfcbd16442d3b117f6b391c1f22b72d1aebafd0ff51a60df08b1e434d

    • SHA512

      699f9c7266fc24b78bd44d026f7c4c98e613cde7b5d32efefa65dec1706ffac4f266b712760891cb45bcf6fae96880e9ce9b3246056778e78d682e32b333d7e4

    • SSDEEP

      24576:uboifHo7t2xklCohhwbfIWyQZD/Og34dK:ubxfel3hyf1

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is a common step in process hollowing and other code injection techniques, where execution is redirected to attacker-controlled code.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                Count  ID
  Execution              Scheduled Task/Job       1      T1053
  Persistence            Scheduled Task/Job       1      T1053
  Privilege Escalation   Scheduled Task/Job       1      T1053
  Credential Access      Unsecured Credentials    1      T1552
  Credential Access      Credentials In Files     1      T1552.001
  Discovery              Query Registry           1      T1012
  Collection             Data from Local System   1      T1005

Tasks