General

  • Target

    2024-08-16_8011acea0e5030f608593fb802e517db_avoslocker_hijackloader_rhadamanthys

  • Size

    3.2MB

  • Sample

    240816-a551favhlh

  • MD5

    8011acea0e5030f608593fb802e517db

  • SHA1

    8c1c5aa5194d74f8cc1424a25512f45ee8404725

  • SHA256

    0a2ed20b002c7738de9b99d5c47d51d473109f0b83a404675559acd9a74f2d0b

  • SHA512

    dae41758d3329adbcf3ef9788dd84c2bba1b6535da99933f21c9fcf68cad276f0481466f87810614c3b9493b4007a52a748fc2382e1e8629f79bcd4b75c490f7

  • SSDEEP

    49152:kXeNOuzHeGGUCwhkfofCfokLi/sazR0BSCpmoLBin9VO3Q59HU1f:kXtwhkfo6gkLixR0BSChiO3wlof

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    AGOSTO

  • C2

    windowsconection.duckdns.org:3030

  • Mutex

    SMN4GzHZREaPq56YwtzqnQ

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets


    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
