General

  • Target

    c09a226c0b3f242d0bb706678fe124c0N.exe

  • Size

    1.7MB

  • Sample

    240803-t74pyatdqh

  • MD5

    c09a226c0b3f242d0bb706678fe124c0

  • SHA1

    4836a0bfd5175284e01e4e7e116245e4d7e2ab25

  • SHA256

    aea4131bcafdd9c1e946b15b2df3d26e79e54a016abd5d8e0d6d034c4d282642

  • SHA512

    36569dbdeaa2eb233ed507f4cba5ee7ae6a59a524ec8e50cf76416943b85e3d2da60f1eaed41bae947c76e679526686b5947941d460092e305a467a4f9db7cf7

  • SSDEEP

    24576:5SRgFeEWFKAtgvSjW6BD2ZiTO8dAi2o74Lq+gpBD9a:P

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7A

  • Botnet

    CARLOS1

  • C2

    carlos1.con-ip.com:6606

  • Mutex

    uuooxuxbnkywum

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      c09a226c0b3f242d0bb706678fe124c0N.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
