General

  • Target

    2024-05-28_d320e00747abb1d7fa430cbfb4f0e333_megazord

  • Size

    3.8MB

  • Sample

    240528-w641esgd92

  • MD5

    d320e00747abb1d7fa430cbfb4f0e333

  • SHA1

    1e49b413e3ff83ca4ed626567a410bb504e2e05a

  • SHA256

    04d34301da1223f252b3d413f20ba5a8e1998a9999785e20f5dc030d121e4977

  • SHA512

    ab2a218f86db046b25e6dbeb2f41ab0baf87619237c793ae6ac8c75b1adcd1c9feda5267309a42c69c9c400a9c0836e0c0b56e6d091841c74ab1aae269c94c2e

  • SSDEEP

    49152:YqUaD6IL/ZJYH6+Vl3Op3fBGF9Hjdt5BgCjWLq7xEv+P3Xbz0JERdPAht:bM3hDxEYcMdPWt

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

ShiningForceRatMutex_cs_cs_cs

Attributes
  • delay

    1

  • install

    false

  • install_file

    syetm.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables containing the string DcRatBy

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks