General

  • Target

    Acuerdo_Legal.N21237.tar

  • Size

    886KB

  • Sample

    241017-rz57pavclk

  • MD5

    a1cf9edad448a86cb594c6e779650efa

  • SHA1

    0b3ac5c613a28e77000bcc2530678d42824562e0

  • SHA256

    5dc7c78773f8da9ae20096d51ead4b4a79007252010215120522bec5118ef1aa

  • SHA512

    1a2af95aa49fe91f8a03b1832af1eb8838f6d3a8825dc10a5e955570b14ebcf59fd74532623180cdb5bb17b2fec846d039f3048b030a493a06a7ee9716084b9a

  • SSDEEP

    12288:b8AflHrE5VAuG7r8Uc6yMstsM3NcFpbLDE5RRuyKNbnt0+dfWxzpr2YenOlsNAlh:YABCVZUc4s4F65RRuyKNBfUF0Oi2lihk

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    Z-Oct-16

  • C2

    pt4040.4cloud.click:4004

  • Mutex

    DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Acuerdo_Legal.N21237..exe

    • Size

      2.5MB

    • MD5

      49ec7b0a10c0c2fddf8ee9931e220a87

    • SHA1

      54389b474b33191afaf45fb464199f1a3089154a

    • SHA256

      edd192a65b9a5d7df1076294077e896a872bf8c6c1ab8799415f1ddaf32e0144

    • SHA512

      12b51b3782016b178b963ac7d598baf66b1c14bd04d5171c568ee82eea5f5e51fadace586053f726eb894c8f8a1dc2027e80d1e8aab5284c00c55f0705ff83a0

    • SSDEEP

      24576:oaF026oYvOqQcttZV3XzAsBahnBiSjNUwauYGA7oQb7dTcb+f9Gj4cEpFCkhzrE9:POOwtpahnESjNGv77TkmGSXEhN3U9o

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks