Overview

overview

10

Static

static

5

PDT57624-5...10.exe

windows7-x64

10

PDT57624-5...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PDT57624-562109797-90EF87210.rar

  • Size

    471KB

  • Sample

    240608-asqd8afd79

  • MD5

    585c218e4c5fea454432945692506ef6

  • SHA1

    09f1f291a3c13821105b6ce36ded7b8fb599a395

  • SHA256

    fdbd5c837b5681875ed0a36d1353402a3ed84b2ee08cd10f5b22f2452294f7ca

  • SHA512

    8733b9b6ca8d8dba85121b39a31bd352cd202c260947af574501c3bb17ffa9b2ff2d8eab03cd86a05d722726c160a2575d943a45164dbed5df2eae48b484e503

  • SSDEEP

    12288:/YD2/TPMEecVPsNIjBaP1fGxkOhAn2rOqq3:/YK/TPR5VPRjOVGaOhu2yp

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

zaragoza.ddns.net:5480

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    fwqoouQWEGr.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PDT57624-562109797-90EF87210.exe

    • Size

      981KB

    • MD5

      81b98c51908ca85ed30fde2d11b36e8a

    • SHA1

      081e733da5e3c656402e00de8bfcc0799bf1758b

    • SHA256

      401908347a0f8a0a2d78311dbf7808b9d64d9cf02000e2d460c62857c4722b6b

    • SHA512

      775c1b4b69e6428d2c4255e6b6ebb68714fccc93f03e7f78d19efab84213cb5e05d0d05ad2e3bf6e9a067ee010a4da22505938069fb7d5d2a450142f8f6f93b0

    • SSDEEP

      24576:pAHnh+eWsN3skA4RV1Hom2KXMmHasAUwm0a5:wh+ZkldoPK8YasAdmF

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks