General

  • Target

    2024-06-25_e6feb59befb1dcda6d75f6f1097dc466_ryuk

  • Size

    1.3MB

  • Sample

    240625-ay13xa1bjd

  • MD5

    e6feb59befb1dcda6d75f6f1097dc466

  • SHA1

    f5b40549c5b74f9d2203a1809c65849c6aba0253

  • SHA256

    fac6f7c103da0517cd9fbbd70ff61fee5db96aff1187e896f8c99f62ddae309f

  • SHA512

    3818b72acfdfa228f95baa22a3c1a2630677d154984145b5284efd1c7ae674a0ae8a0dcbbe7a2d308c067150c79aea083d7c1b44c3ec57af6b93d7fdf743a3ac

  • SSDEEP

    24576:jBnSh9eCojTHHpXKune0W7aLi/XWUSFhO9kl31k8/g:tShLoj7Hpauy7EidSL4gu8I

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

Mutex

no4.agentwindows.live

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables containing the string DcRatBy
