General

  • Target

    goodz.exe

  • Size

    48KB

  • Sample

    240805-xr6q5svgqp

  • MD5

    e9f58adf1fbecde95e318f207ccc7e71

  • SHA1

    1a9071a83cd2d9a5ddfd598f9342452056d89033

  • SHA256

    8505493233081640694d465e23211480ff62290cb0c637953b042c74afac75d0

  • SHA512

    ffc953b9b56e01b09d447e559856b477639ea8fc8ca4ae1658801494aaaa211b3f34f4f8f7fdff63c6654d37671700560e2fe7fcd91f0e591a2bfd24c29614ef

  • SSDEEP

    768:uuIdtT/w70kWUquzumo2qz+04Q3bqP+PI91UWrsd0bHs6wgbM7Vf3wmyxjlalBDL:uuIdtT/kW2j+GPH91UWrs6bHs6vMhVgc

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

216.189.134.79:6606

216.189.134.79:7707

216.189.134.79:8808

Mutex

fcg7msn363CZ

Attributes
  • delay

    3

  • install

    true

  • install_file

    goodz.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks