General

  • Target

    New folder.zip

  • Size

    250KB

  • Sample

    240708-hrz62azdmh

  • MD5

    b1294f70ef9488a74e8edfdbb3955b36

  • SHA1

    8bdd5fa3cb6cc7c2601a7bbdd3a685658bcb533d

  • SHA256

    d05969d3d15e8a5875f6b19cc8677ac36938390d4e35a1e4d54935e20f7c9de2

  • SHA512

    c5b6d0db4f0d3b3985356193333852329f4e579e0673810f2947047cff213e99c6a540933d3fbf3acf691e0af01581b7780e3d8eb72cbf18998275f9b6c50108

  • SSDEEP

    3072:xFCIv4q/OIl+cAWpbMKq29NBAvrNMLmRr75hcFO0iA4NlujhoiJOSlMO+oKbXwHu:TCIgI4ybMuNBSMAh69iriOSb0bgfxF8R

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

QdNftpHJFSw4

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      New folder/AsyncClient.exe

    • Size

      45KB

    • MD5

      ca638cef81b67118a1c747a378228160

    • SHA1

      f3c7f9c1e2d474e9203a3a239346ea91f93e84f9

    • SHA256

      da9e561ecbb5cfff6d1c60660d5d37d5b072e8acfedd02bffb540185d366616d

    • SHA512

      0b21f52fe886b765c231782eee87060a24fe1cfeba61dcb2d3f3d1bfa1d654c84f157e04470dbefc74729dd85ded4f32834a1dad7b2c4515a091d1d20d44040a

    • SSDEEP

      768:mu/dRTUo0HQbWUnmjSmo2qMwKjPGaG6PIyzjbFgX3iQbR6HNnsIOkOe0hBDZyx:mu/dRTUPE2kKTkDy3bCXSQCn5+dyx

    • Score

      10/10

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Target

      New folder/Build.exe

    • Size

      701KB

    • MD5

      5c57aec1a572c0a058819bd2ecedafed

    • SHA1

      1b07618ed0b0021f6375eba86bf5c284f9d2267f

    • SHA256

      1c9a80c3043965cb1ce3fb2245485562c23e9a84d79d3267d790ab6ce8cb9e1b

    • SHA512

      60b26b239afe732583a0c45800f9b842edfbaa67a76fa89526a3a5f62b87fe03dd265e70d51f140756e852c753e1d2990ef744d62aa1690ddc6b0610ad0e2ba0

    • SSDEEP

      6144:57A/MmJMsENIsRctX5rUvQSNj0LZOWM8yucn:5U/MmrrU1Nj0LZOd8yus

    • Score

      8/10

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    • Target

      New folder/Client.exe

    • Size

      56KB

    • MD5

      d9aad2098033a70a9671bc3deacfbd77

    • SHA1

      e6395c5d1c675aaef9d1b581a7d7c5be579afd47

    • SHA256

      47e68af5683d57061da0f35129870baef93d74babbe69bf2cd6a9bc1300865b8

    • SHA512

      d8cc90dd674acaf87afae54da8bbdc342f435816fb475b391b2d15561158e17e747d8f807f0971336724f369473a8afb562916a188a39475c70820fa66f09654

    • SSDEEP

      768:1div4Kbwg2V+YV5sfADYI1WQZLnqLMh0AoE7pwaambG4lR7vYvKb1Ro5ShXIZT:1+bNsjqLzECafbX375LoIpIZT

    • Score

      1/10

MITRE ATT&CK Enterprise v15