General

  • Target

    10cec8dbe0d9c07290686b0b232d34eb.exe

  • Size

    1.2MB

  • Sample

    241008-3by91sxepj

  • MD5

    10cec8dbe0d9c07290686b0b232d34eb

  • SHA1

    72a97a9f499ae90a3cf232f09d55a33f617bf388

  • SHA256

    5bbb7a91ebfa925b0765103006bdde91f19c648ae792fab9dbc73832f3b2423c

  • SHA512

    cc29b516f31b483dab161817a8ee15a9723b3e26d507b35878546c83ba23163450d06c9783cb2a03e83d37e5dc3c953760c657e210b40282ca8160297d71897e

  • SSDEEP

    12288:GzZ/DSq5YIrpsK7p3ADr20z9Fc2DNaC5o1e5lWfcLRDDrWmp47CrK0yf8I9lwSVy:GzZnjKg3ADrO2paC5fgyRazWm0ylw7

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

Mini

C2

38.242.236.116:7707

38.242.236.116:8808

Mutex

AsyncMutex_coder

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      10cec8dbe0d9c07290686b0b232d34eb.exe

    • Size

      1.2MB

    • MD5

      10cec8dbe0d9c07290686b0b232d34eb

    • SHA1

      72a97a9f499ae90a3cf232f09d55a33f617bf388

    • SHA256

      5bbb7a91ebfa925b0765103006bdde91f19c648ae792fab9dbc73832f3b2423c

    • SHA512

      cc29b516f31b483dab161817a8ee15a9723b3e26d507b35878546c83ba23163450d06c9783cb2a03e83d37e5dc3c953760c657e210b40282ca8160297d71897e

    • SSDEEP

      12288:GzZ/DSq5YIrpsK7p3ADr20z9Fc2DNaC5o1e5lWfcLRDDrWmp47CrK0yf8I9lwSVy:GzZnjKg3ADrO2paC5fgyRazWm0ylw7

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Enumerates processes with tasklist

    • Target

      ChildManual/Compounds

    • Size

      16KB

    • MD5

      3bd8a78d4a3e3bffb56e7eaf6c3613e9

    • SHA1

      f6e3cfa1bb9f305a7e61c764a983e7537375f579

    • SHA256

      2cd4d6de3239d3d0d48914fabecb16ad45f1fc35b90dba727497a7cb8a414be3

    • SHA512

      3365fb24d95e3ddf5997dda669f839e2638eca8ba81b5a2f1460264407459e06a45f5f942f47ab4434ae9c9af0097282edf535189c13a8c54a0524e140b2a9da

    • SSDEEP

      384:odue9MJgH+YRWFWmOq7dpBAH1rrH+IjTAX29Krta9AYWYRE/:oX99H+vWyl+BHpvNpzY

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks