General

  • Target

    RAT 2022 PACK.zip

  • Size

    86.1MB

  • Sample

    240703-v8rx7szhjr

  • MD5

    6056181585b05ddaa8fe820d7c39188c

  • SHA1

    27e6f0d65d2d1ff87c54acdc07627d53977196fb

  • SHA256

    f77b4d1f44e950f4a7622a80344f5c7362bcb8f98c4c5f2b76373891b7f529cc

  • SHA512

    a5c03466bf26cb909d5fe3eeb73055bd0106a711580706b9dfcdd8c927d3eabc7ec98011fc9b5807b4e03740ffdfde0ce209b2431582f100daff765266282a67

  • SSDEEP

    1572864:vOuiC/3b3eku8bhxeLo1EF5xUu0cPDjbp4z3eXfeOsNtiwOgWRA8M:vOu2P8reGEikjbp4SXrGtxOgWRA3

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    RemoteHackingToolsPACK

  • C2

    23.88.104.194:4982

  • Mutex

    ergergerg5454RemoteHackingTo

Attributes

  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      RAT 2022 PACK.zip

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Babylon RAT

      Babylon RAT is a remote access trojan written in C++.

    • Modifies file permissions

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks