General

  • Target

    UPXTestExploit.exe

  • Size

    6.7MB

  • Sample

    240817-bnt3aasbqn

  • MD5

    4653a8b802ecbf40e98447fc20a85b05

  • SHA1

    c4b807a30f01b94e7f6598079fc143d7f7a416f6

  • SHA256

    6e1b04e05f85a908e441e21096a29dd2269f6f07ab3e7f90211a20456c3527cb

  • SHA512

    d40e58fd63d29304ab4d8cd0f5c6892125d52d80659ce3a0b95d02d9f48c6603ac1887227ee5f5111cf74619097ab473c4d12e789c5e709775536da0e95fc419

  • SSDEEP

    196608:TLcOVIK6bQI0IuNNJIgJHL2YMsWdvkhVuOPRMJu0:E0Db2YVEvkTuiz

Malware Config

Extracted

Family

asyncrat

Version

hookRAT / private

Botnet

1337

C2

147.185.221.16:56793

Mutex

aAFTorpq4fEa

Attributes
  • delay

    3

  • install

    false

  • install_file

    Update.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      UPXTestExploit.exe

    • Size

      6.7MB

    • MD5

      4653a8b802ecbf40e98447fc20a85b05

    • SHA1

      c4b807a30f01b94e7f6598079fc143d7f7a416f6

    • SHA256

      6e1b04e05f85a908e441e21096a29dd2269f6f07ab3e7f90211a20456c3527cb

    • SHA512

      d40e58fd63d29304ab4d8cd0f5c6892125d52d80659ce3a0b95d02d9f48c6603ac1887227ee5f5111cf74619097ab473c4d12e789c5e709775536da0e95fc419

    • SSDEEP

      196608:TLcOVIK6bQI0IuNNJIgJHL2YMsWdvkhVuOPRMJu0:E0Db2YVEvkTuiz

    • AsyncRat

AsyncRAT is an open-source remote access trojan written in C# and designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

A .NET executable that disables Windows Defender capabilities such as real-time monitoring, Block at First Sight, etc.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another (typically suspended) thread; outside debuggers this is most often seen in process hollowing and thread hijacking, where a newly created or existing process is redirected into injected code.
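Host triage for the config extracted above, as an added example rather than code from the sandbox report or the AsyncRAT project: it looks for a live connection to the C2 endpoint, the mutex, the install path, and the Defender preferences the "disable Windows Defender" signature refers to. The cmdlets and .NET calls are standard Windows ones; the findings list, the set of Defender switches checked, and the use of the current user's %AppData% are this example's own choices. Run it in an elevated PowerShell prompt on the host you are triaging.

```powershell
# Added host-triage example; not part of the sandbox report or the AsyncRAT code base.
# Values are the indicators the report extracted from this sample.
$Config = @{
    C2Host        = '147.185.221.16'
    C2Port        = 56793
    Mutex         = 'aAFTorpq4fEa'
    InstallFile   = 'Update.exe'
    InstallFolder = $env:APPDATA          # the report's %AppData% (assumption: current user)
    SampleSha256  = '6e1b04e05f85a908e441e21096a29dd2269f6f07ab3e7f90211a20456c3527cb'
}

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Live C2 connection. AsyncRAT beacons over a plain TCP socket, so any connection
#    to the configured endpoint is high-confidence. The owning process may be a
#    legitimate binary: the SetThreadContext signature above points at hollowing,
#    so do not clear a hit because the process name looks benign.
$conn = Get-NetTCPConnection -RemoteAddress $Config.C2Host -RemotePort $Config.C2Port -ErrorAction SilentlyContinue
foreach ($c in $conn) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings.Add("C2 connection $($c.State) to $($c.RemoteAddress):$($c.RemotePort) from PID $($c.OwningProcess) ($($proc.ProcessName))")
}

# 2. Mutex. AsyncRAT creates the configured mutex (no Global\ prefix) to stay
#    single-instance, so TryOpenExisting succeeds only while an instance with this
#    config is running in the current session.
$m = $null
if ([System.Threading.Mutex]::TryOpenExisting($Config.Mutex, [ref]$m)) {
    $findings.Add("Mutex '$($Config.Mutex)' exists: an AsyncRAT instance with this config is running")
    $m.Dispose()
}

# 3. Persistence path. This config has install=false, so a hit here means a
#    differently configured build; the check is cheap, so hash anything found.
$installPath = Join-Path $Config.InstallFolder $Config.InstallFile
if (Test-Path $installPath) {
    $hash  = (Get-FileHash -Algorithm SHA256 -Path $installPath).Hash.ToLower()
    $match = if ($hash -eq $Config.SampleSha256) { 'matches the analysed sample' } else { "SHA256 $hash" }
    $findings.Add("Install file present at $installPath ($match)")
}

# 4. Defender tampering. The signature names real-time monitoring and Block at
#    First Sight; read the corresponding preferences back and flag anything disabled.
#    Exclusions covering the install folder are the other common tamper.
$pref = Get-MpPreference -ErrorAction SilentlyContinue
if ($pref) {
    foreach ($p in 'DisableRealtimeMonitoring', 'DisableBlockAtFirstSeen',
                   'DisableIOAVProtection', 'DisableBehaviorMonitoring') {
        if ($pref.$p) { $findings.Add("Defender preference $p is True") }
    }
    $excl = @($pref.ExclusionPath) | Where-Object { $_ -and $Config.InstallFolder.StartsWith($_, 'OrdinalIgnoreCase') }
    foreach ($e in $excl) { $findings.Add("Defender exclusion '$e' covers the install folder") }
}

if ($findings.Count -eq 0) { 'No AsyncRAT indicators from this config found on this host.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

A clean result only says the host shows none of these specific indicators right now: the C2 check is a point-in-time snapshot (the sample beacons with a 3-second delay, so run it more than once), the mutex is only visible from the session the RAT runs in, and an operator can change the C2, mutex and install path per build.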

MITRE ATT&CK Enterprise v15

Tasks