General

  • Target

    c89f06207619b46aff5d7d3824f315d0N.exe

  • Size

    40KB

  • Sample

    240818-mknlwasdqm

  • MD5

    c89f06207619b46aff5d7d3824f315d0

  • SHA1

    e5253820c444920bc4ab49f67a50a65c0e725e67

  • SHA256

    93e9e60b2642385ba3972dde3db83f404ede759b98e85465e962b040a81920af

  • SHA512

    edba8543774ed2c22796adb41b02228ea7c33dac0c877f4274cac8553a5e08d1d41c45c3738f975e55f1b8ffb92c23ce27dc274a2ecf6abb9860ea6dd0617650

  • SSDEEP

    768:BWRs92Ry5MfORJRRoQMq0X/eVgqGHBVlC1kqECUV8ix:QRwzmWRnjq3lbCqx

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

http://rconhomne.ddns.net/:6606

http://rconhomne.ddns.net/:7707

http://rconhomne.ddns.net/:8808

Mutex

INto6wUrRcnC

Attributes
  • delay

    60

  • install

    true

  • install_file

    $77system.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      c89f06207619b46aff5d7d3824f315d0N.exe

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
