Overview

overview

10

Static

static

10

New folder...nt.exe

windows10-2004-x64

10

New folder/borat.exe

windows10-2004-x64

1

New folder/purple.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New folder.zip

  • Size

    250KB

  • Sample

    240708-jrf9la1hmb

  • MD5

    862596f4db8efd0d6d1bae204ade81f5

  • SHA1

    272576dcc59964db391cae4247cf44ba45c6f06f

  • SHA256

    6bce3efc034465072079041148dcd6bdff611d1bd7dfbc4c61161faf47c3d066

  • SHA512

    695ebad239b023ee2bea080e225c351f504238e66327007802e40b7e0ed12cde15c4a3ad07d6ac15bd2ca8ca741882e4fbd43bb659099970b9daa15f73a716b1

  • SSDEEP

    6144:ECs9Ogq89cjxtez+i4nDxbqAR9zzmYARtf+kVKvTatstTC:Er9Om6jHntnDxbTRFnMf+kVKvTqstTC

Score
10/10
asyncratdefaultpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:8808

Mutex

QdNftpHJFSw4

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      New folder/AsyncClient.exe

    • Size

      45KB

    • MD5

      f16e8867fba04f91c9b25343df6808ca

    • SHA1

      5b09952a5bdc094c6c741e1cac74916c5c9cd1f0

    • SHA256

      cf8149bc61e14500b3e452e572c42fd19f61e7ac00371f7d23f7ec757a3e487a

    • SHA512

      6c9e35b7ea6eceeef8341820b5ee742a687ab902a9f6f99a3a989a501c46b3492ad2b6d8028031865b7e17af9dfe81c422b71e18b825fc306fc6504529b37ec6

    • SSDEEP

      768:mu/dRTUo0HQbWUnmjSmo2qMwKjPGaG6PIyzjbFgX3imQKGxDnx/ZWhfzBDZyx:mu/dRTUPE2kKTkDy3bCXShKGTZONdyx

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat
    behavioral1

    • Target

      New folder/borat.exe

    • Size

      56KB

    • MD5

      b8ac64f25d1bb46b96dacd7a08e18cef

    • SHA1

      5004da5acb99f16f3b22ccf0bea2a2d0d2a2f3a3

    • SHA256

      ef5ed639cc96d72b69907aeb6f8a41237d020737bb961e0bc79921561062df13

    • SHA512

      6e725fed80b35f967d6f6d1acb11f24c1b4bf63c307f266b9d8833a9bcbadc6b740bb74a34bf95bacaaa0c029f0ac64ca0d831114d480050cf409838f4f703cc

    • SSDEEP

      768:Adiv4Kbwg2V+YV5sfADYI1WQZUXX4tYKfffMcrpvaambGvlHGE2yvWhXIdT:A+bNsUXX4tV1afbSxGGvWpIdT

    Score
    1/10
    behavioral2

    • Target

      New folder/purple.exe

    • Size

      701KB

    • MD5

      ba3eb43f659b849ea66b0a80b627617f

    • SHA1

      49d51f3ca3e83536f017fc9aef68e5e1bd327dbe

    • SHA256

      b3275d86c8ddc8347c30bf6d40f212d6f012450fe268e9bd8d6b745be03f63bf

    • SHA512

      be65895157f103eb12e82b31071c8d9e66915b3ed8984fd89e8aee3f146bf5d279149d15e1845d8e75464ffc5ac8d3ac76f148ce7bb9ef04b10c74a47d4a0a4d

    • SSDEEP

      6144:EQ7A/MmCZRctXz339wC1GKDmbbizmTt9md:nU/M1K339wC1GKCbbiyZMd

    Score
    8/10
    persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks