General

  • Target

    1caa0352053eb98c1a6243c5daf8f2f500c678c45593f8cde34ec624bf2fa8b0

  • Size

    2.5MB

  • Sample

    241016-2epdjswgkb

  • MD5

    f9d170623021e1abe7201d2fd2724445

  • SHA1

    724d2cf592d117729000a2f1a2a70e4ecb293385

  • SHA256

    1caa0352053eb98c1a6243c5daf8f2f500c678c45593f8cde34ec624bf2fa8b0

  • SHA512

    458c71b4fab11a8ff42ef9e5f80918c70e4b558df878f2fd0408f13fcccc032b274c8d72b5d59b26ef95d0021df3b4f952b53357f080696a4071d6ca394687f3

  • SSDEEP

    49152:sOOwtpahnESjN+F77TkmGNXQqNeAK68mx6ZGbAOp:s/wtdDG7

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

016-Oct

C2

doesnotkl.dynuddns.net:11206

Mutex

DcRatMutex_qyunchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks