General

  • Target

    62b31f9c1e90ca879a1546c511d6c311_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240722-ljxygszfmh

  • MD5

    62b31f9c1e90ca879a1546c511d6c311

  • SHA1

    98efaa174a7d6d90353120f5e9059b28ff65ada3

  • SHA256

    290ed573c3be19bb9f7a4503d9ce1cc95d33191c6078d127cceabd63a7e98a3b

  • SHA512

    7fefd0a93e5c62985a42354475e8267498b3b4077e4a128ebf0c1abb4a3f2320525b9485501b13adad5c4506f34e26a18b651988edf7d6b9c72483f78840101d

  • SSDEEP

    6144:VBUl1fcf0Tv2sbP6mSPmFFLmlrqQroarJ0zUWZyzhX:U79vnz6mSQYxkarJaZyzh

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

severdops.ddns.net:6204

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Xeron_Scan17022020.exe

    • Size

      380KB

    • MD5

      a52d0c834a09cc7efdfe374ee2f4f90e

    • SHA1

      5957da57c40aef542a52d07df04501f74b631bdb

    • SHA256

      aaf00e1348307208d3415f629193cdf125171170a32a8cdeb140e8373d079714

    • SHA512

      e99e1429dcac7398473cecb4a63cce2ac1b0bccb2f4dd284e38c1ca16dac21d0d6552c886604c87fe79590274ea821734faf874639f873883a75e0d4d5a247e8

    • SSDEEP

      6144:hBUl1fcf0Tv2sbP6mSPmFFLmlrqQroarJ0zUWZyzhX:Q79vnz6mSQYxkarJaZyzh

    Score
    10/10
    • AsyncRat

      AsyncRAT is an open-source remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.

    • Suspicious use of SetThreadContext

      Overwriting another thread's context is the usual last step of process hollowing: a child process is created suspended, its image is replaced, and its entry point is redirected to the injected payload.

MITRE ATT&CK Enterprise v15

Tasks