Overview

overview

10

Static

static

3

hr.exe

windows7-x64

10

hr.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hr.exe

  • Size

    90KB

  • Sample

    240616-mr8wdszgkg

  • MD5

    275d16ebd070c8ad1c4e3717bafe1e76

  • SHA1

    a8fb0f14d58417389a910520d8d6fc102d05cda7

  • SHA256

    4b4c5aed86e3530fe1a847c367cd0ed5ec050b7d6ff95d09838bea52c9df470a

  • SHA512

    d80242f62c99175957f8e184b36a4a7c9e2ef724968f279a259f2f6e875611457d92e5a54cc17fa52feb287b2adf364a6bd6cfc5ef235f7205cd00edff1dceed

  • SSDEEP

    1536:lxqVDK4tNAmRw8jZytCoBHnw9mzURxGR3sYD7KJD7bAabwp+ESck/dwsWX3NcdWS:lxdmGkmBHn6tRxY7KJDPb8+ENkW3cWTW

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

ShiningForceRatMutex_cs_cs_cs

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      hr.exe

    • Size

      90KB

    • MD5

      275d16ebd070c8ad1c4e3717bafe1e76

    • SHA1

      a8fb0f14d58417389a910520d8d6fc102d05cda7

    • SHA256

      4b4c5aed86e3530fe1a847c367cd0ed5ec050b7d6ff95d09838bea52c9df470a

    • SHA512

      d80242f62c99175957f8e184b36a4a7c9e2ef724968f279a259f2f6e875611457d92e5a54cc17fa52feb287b2adf364a6bd6cfc5ef235f7205cd00edff1dceed

    • SSDEEP

      1536:lxqVDK4tNAmRw8jZytCoBHnw9mzURxGR3sYD7KJD7bAabwp+ESck/dwsWX3NcdWS:lxdmGkmBHn6tRxY7KJDPb8+ENkW3cWTW

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks