General

  • Target

    b4a77cea5a03f4a34f8d5640cebd44ac.bin

  • Size

    1.9MB

  • Sample

    240817-b4fvlazelh

  • MD5

    731d47fa82a90fae868b9f7b1fe52bf4

  • SHA1

    99e32a98f78fbbd3998197b8b958e40d1d8a9c98

  • SHA256

    39baa2688320d6153376687d27d0fc29c5d25cdfe8884476b1a5c0ba8e872987

  • SHA512

    ad0a45731ef23f5fe10710012e8a7b742af90969ec4b2bd2cdf6450b2fa263b4474982bb66ef110550f8263f00648949b29b83282cbd5b25ad847f77fd2660a8

  • SSDEEP

    49152:kwKhfc23rK+gQx9xSEpSBGeGjPneLUaOFoiaStFO/lw7:k/hfcEx9xSISBGbyL/ETo+7

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

AMU

C2

jnmanymen.ydns.eu:1470

Mutex

zVHQMfZojR9k

Attributes
  • delay

    10

  • install

    true

  • install_file

    windows.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      4e96241248a8f9b7304190d21a081afb646f432d1ffbd3fbab7207515313fdd7.exe

    • Size

      2.0MB

    • MD5

      b4a77cea5a03f4a34f8d5640cebd44ac

    • SHA1

      cff95695ce0d401135206f3a7dda81b91d3c6b1e

    • SHA256

      4e96241248a8f9b7304190d21a081afb646f432d1ffbd3fbab7207515313fdd7

    • SHA512

      3b5e2edcc9d9be7f141d42e4dc67405d6bf6f6b423f6d18c4090bf46d421dda8743a4fec3599a1fcb8813ed3f1b4d514864741bc50c13fd183b42fa71a51f5fe

    • SSDEEP

      49152:GZd4ryFkp8Y4N1Pq3FKHv6T0x5E/aHJEt050R:G7qrpddVBTBR

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
