Overview

overview

10

Static

static

10

Client.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client.exe

  • Size

    48KB

  • Sample

    240814-cny7nsvdje

  • MD5

    a41754aa9cfd098e0f31fce03ab38166

  • SHA1

    22946a1c7828ab7a5f218b6a815350fc0e1d1c1b

  • SHA256

    f4876b06da96639271728c1c65aff064d45de3307a09f17d04686c0bf410bcc7

  • SHA512

    5cc51386415d49e6d4c87111f6674347568047ad3420f8095559f0d077b5f7593506a34d4877765563ff0feccf50c9d1b7501452ab7dc6ce611768571d248cd9

  • SSDEEP

    768:UVNYu9bVIILoech+ri0telDSN+iV08YbygeQVzZE3GdvEgK/JvZVc6KN:UVG7Z0tKDs4zb1lVzZEEnkJvZVclN

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • c2_url_file

    https://Pastebin.com/raw/fevFJe98

  • delay

    1

  • install

    true

  • install_file

    nigger.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Client.exe

    • Size

      48KB

    • MD5

      a41754aa9cfd098e0f31fce03ab38166

    • SHA1

      22946a1c7828ab7a5f218b6a815350fc0e1d1c1b

    • SHA256

      f4876b06da96639271728c1c65aff064d45de3307a09f17d04686c0bf410bcc7

    • SHA512

      5cc51386415d49e6d4c87111f6674347568047ad3420f8095559f0d077b5f7593506a34d4877765563ff0feccf50c9d1b7501452ab7dc6ce611768571d248cd9

    • SSDEEP

      768:UVNYu9bVIILoech+ri0telDSN+iV08YbygeQVzZE3GdvEgK/JvZVc6KN:UVG7Z0tKDs4zb1lVzZEEnkJvZVclN

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks