General

  • Target

    real yaku rat btw.rar

  • Size

    24KB

  • Sample

    240607-fgaghsba58

  • MD5

    56d1bb67621c975503c1265de3a81af7

  • SHA1

    c56669b9c7f235a1f27d969d09ecae3cf4d94564

  • SHA256

    3417c00221fdadcbd1d799f17f27866ca67a83fdb4300561bbc59889a75dc4cd

  • SHA512

    046f9b02d9e0f3276066ed15c4d5fdd83b04d5b692ff87c299386ac5c07ce094f0454135ca2c65dc3c3f5a9c6278aff82d170dbe891ede2c973933e0b10531fb

  • SSDEEP

    384:GVZTAVXj6axWFEictjm4KIYaDlcZWcVXNK/Vqej+13yNqa6GC7d4n5ZyXiUebHCK:GQXj6akF0tjm4MSuDWXjgy3C7eyyJiK

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

NUxv2StaiLXp

Attributes
  • delay

    3

  • install

    true

  • install_file

    yaku.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      real yaku rat btw/aimassist.exe

    • Size

      50KB

    • MD5

      d805abdda32c7c184df6da796c49ac24

    • SHA1

      9f10aceef457acb620bae0de53dfc9d1d62a4127

    • SHA256

      35f9834a2038819dcc1f4be11fd4b1814d59daa1e999bfb3a15a23abd3b82e01

    • SHA512

      9395dcb8eeff70e702e0f7dbd6925badcf751bc8ba02947ee607ccfcc7f3eb04fa2bce9937fe5924acd759c5ff7ffe35aae3a43e044311aadd8f79214bfbdcdb

    • SSDEEP

      768:DudJtT/PWEEWUKriOmo2qBFP0QZmFL6PICWyoB0bYWwSZZ/25AlaK/16nxvSq4B/:DudJtT/eo2qSCWBWbYWdiyJjq+dHx

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tactic                 Technique                      Count  ID
Execution              Scheduled Task/Job             1      T1053
Persistence            Scheduled Task/Job             1      T1053
Privilege Escalation   Scheduled Task/Job             1      T1053
Discovery              Query Registry                 1      T1012
Discovery              System Information Discovery   2      T1082
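As an added example that is not part of the sandbox report, the Python below turns the extracted configuration (install folder and file name, mutex, C2 endpoints) into host-side indicators and runs them over a handful of constructed endpoint events. The event schema, the environment map and the schtasks command line are assumptions made for the example; the indicator values themselves are the ones the report lists. Because the C2 endpoints are loopback addresses, the network check only ever fires inside the sandbox; the %Temp%\yaku.exe path, the mutex name and the scheduled-task creation are what carry over to real hosts.

```python
"""Hunt for the report's extracted AsyncRAT config in endpoint telemetry.

Added example, not part of the sandbox report or the AsyncRAT project.
The event records below are constructed and use a hypothetical schema
(dicts with a 'type' field); adapt the field names to your own telemetry.
"""
import re
from dataclasses import dataclass

# Values copied verbatim from the report's "Malware Config" section.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.8",
    "c2": ["127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808"],
    "mutex": "NUxv2StaiLXp",
    "install": True,
    "install_file": "yaku.exe",
    "install_folder": "%Temp%",
    "delay": 3,
}

# Constructed environment so %Temp% expands deterministically on any OS.
SAMPLE_ENV = {"temp": r"C:\Users\victim\AppData\Local\Temp"}

# Constructed events: the dropper, the dropped EXE, a scheduled-task
# persistence command (assumed form), the mutex, and two connections.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\victim\Downloads\aimassist.exe",
     "cmdline": "aimassist.exe"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\yaku.exe",
     "cmdline": "yaku.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /f /sc onlogon /rl highest /tn "yaku" '
                r'/tr "C:\Users\victim\AppData\Local\Temp\yaku.exe"'},
    {"type": "mutex_create", "name": "NUxv2StaiLXp"},
    {"type": "network_connect", "dst": "127.0.0.1:7707"},
    {"type": "network_connect", "dst": "93.184.216.34:443"},
]


@dataclass(frozen=True)
class Hit:
    indicator: str   # which indicator matched
    event_index: int  # position of the matching event in the input list


def expand_windows_env(path: str, env: dict) -> str:
    """Expand %VAR% tokens (case-insensitive) from a caller-supplied map."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def indicators(config: dict, env: dict) -> dict:
    """Derive the concrete host artifacts implied by the extracted config."""
    folder = expand_windows_env(config["install_folder"], env).rstrip("\\")
    return {
        "install_path": (folder + "\\" + config["install_file"]).lower(),
        "mutex": config["mutex"],
        "c2": set(config["c2"]),
    }


def scan(events, config: dict, env: dict) -> list:
    """Return a Hit for every event that matches a derived indicator."""
    ind = indicators(config, env)
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        image = ev.get("image", "").lower()
        cmdline = ev.get("cmdline", "").lower()
        if kind == "process_create" and image == ind["install_path"]:
            hits.append(Hit("install_path", i))
        # Scheduled-task persistence (T1053) pointing at the install path.
        if kind == "process_create" and "schtasks" in image \
                and ind["install_path"] in cmdline:
            hits.append(Hit("schtasks_persistence", i))
        if kind == "mutex_create" and ev.get("name") == ind["mutex"]:
            hits.append(Hit("mutex", i))
        if kind == "network_connect" and ev.get("dst") in ind["c2"]:
            hits.append(Hit("c2", i))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS, CONFIG, SAMPLE_ENV):
        print(f"{hit.indicator:22s} event #{hit.event_index}")
```

The loopback C2 hit is listed only to show the mechanics; in production, drop or down-weight the `c2` indicator for this sample and key the hunt on the install path, the mutex and the scheduled task.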