Overview

overview

10

Static

static

3

ud.exe

windows7-x64

10

ud.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ud.exe

  • Size

    261KB

  • Sample

    240607-yw8a7sdf44

  • MD5

    75fb257a45f68b45c3def64b60db17e0

  • SHA1

    83f3d83dbc9549e0ca584d7d079fbede925753dd

  • SHA256

    0809625ede2855e52bb46b2a4c78cf33a549a1c20f5470203d7e2b597c05f29f

  • SHA512

    4d427b7877059a4e6dcfd5bb0f4db6700de2fe7542d4b7452df482ac2f73905d0725cdeb51bb4a1b74b2e34347bce3692c1ab5021a234f3a208468d7f6f66934

  • SSDEEP

    3072:dXytAeE7XyCMrJLwzB8JV1EXeDU1RU3haZYVG/RXytAeE7XyCMrJLwzB8JV1EXeV:V5VCC1zqnU1RWkp5VCC1zqnU1RWk

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8080

127.0.0.1:18775

127.0.0.1:13297

4.tcp.eu.ngrok.io:8080

4.tcp.eu.ngrok.io:18775

4.tcp.eu.ngrok.io:13297

6.tcp.eu.ngrok.io:8080

6.tcp.eu.ngrok.io:18775

6.tcp.eu.ngrok.io:13297
Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_file

    explorer.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ud.exe

    • Size

      261KB

    • MD5

      75fb257a45f68b45c3def64b60db17e0

    • SHA1

      83f3d83dbc9549e0ca584d7d079fbede925753dd

    • SHA256

      0809625ede2855e52bb46b2a4c78cf33a549a1c20f5470203d7e2b597c05f29f

    • SHA512

      4d427b7877059a4e6dcfd5bb0f4db6700de2fe7542d4b7452df482ac2f73905d0725cdeb51bb4a1b74b2e34347bce3692c1ab5021a234f3a208468d7f6f66934

    • SSDEEP

      3072:dXytAeE7XyCMrJLwzB8JV1EXeDU1RU3haZYVG/RXytAeE7XyCMrJLwzB8JV1EXeV:V5VCC1zqnU1RWkp5VCC1zqnU1RWk

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks