Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1266251505078636646/1270898176705953873/Tools_Archive.rar?ex=66b60869&is=66b4b6e9&hm=91f0c35186cccbb2697ad7fd3d8e93ff0f9a749dc6d48cfb622a04117600b2c0&

  • Sample

    240808-p5ln5atdrq

Score
10/10
asyncratredlinedefaultdiamotrixdiscoveryinfostealerpersistencepyinstallerrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

176.111.174.140:6606

176.111.174.140:7707

176.111.174.140:8808
Mutex

QaF6X2cpj8fc

Attributes
  • delay

    3

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Extracted

Family

redline

Botnet

diamotrix

C2

176.111.174.140:1912

Targets

    • Target

      https://cdn.discordapp.com/attachments/1266251505078636646/1270898176705953873/Tools_Archive.rar?ex=66b60869&is=66b4b6e9&hm=91f0c35186cccbb2697ad7fd3d8e93ff0f9a749dc6d48cfb622a04117600b2c0&

    Score
    10/10
    asyncratredlinedefaultdiamotrixdiscoveryinfostealerpersistencepyinstallerrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Async RAT payload

      rat

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks