General

  • Target

    2216-43-0x0000000005150000-0x0000000005162000-memory.dmp

  • Size

    72KB

  • Sample

    240730-k66y8swanj

  • MD5

    0f27885446ee41b884be8590e073a57a

  • SHA1

    0151684fec6e3315bf644394e58ba862a5fcbe11

  • SHA256

    d1f44ff6dc3ccb05ed82fb0ff2829efd4a5f01c87b7b8153116647878e664aad

  • SHA512

    181897b7ba3b9c62062011f441c0d0c9f60d646c8a67b5dd99309d9022cc7f8b1f94aa285bb66b92ebdc448a269b05021ffb9403a34f7f9be53d0bc6decfa36b

  • SSDEEP

    768:/ukzVT0kLd3WULgPdVmo2qDJCXOmt/PIizjb5gX3iz0LJsayEoZgtWkBDZix:/ukzVT0Mq12kX/i3bWXSzWs3gjdix

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    192.228.105.2:7707

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    true

  • install_file

    svchst.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v15