General

  • Target

    41a8d83f3351d70cd7bdda84a2d2d36a.tar

  • Size

    886KB

  • Sample

    241018-ct4z4s1eka

  • MD5

    41a8d83f3351d70cd7bdda84a2d2d36a

  • SHA1

    1f8684d9bd41de18d8756d220bf8b78446a64211

  • SHA256

    545a7ed0b67b21d80b7b779123e38a3600f7daaa0e7ce63c20d2ad9e155391e3

  • SHA512

    aeea5de6ed9980a77c9b0e134844c0816797c5605806f5570763c7437f59bd5273875a06e5a564d1535dd434853a3ae1c5deaa03e3722d3f6943c2e37463a193

  • SSDEEP

    12288:hpcFCkt6JmeuDk3DcD+eyu8tWVF+s7C2XwOXTrNmY8nafBk9bVhxeRscigo+wHio:TcEkt6ckzc5kWVFbfg/YkX8u3go+chHx

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Z-Oct-16

C2

pt4040.4cloud.click:4004

Mutex

DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Informacion_Legal.N°26626..exe

    • Size

      2.5MB

    • MD5

      49ec7b0a10c0c2fddf8ee9931e220a87

    • SHA1

      54389b474b33191afaf45fb464199f1a3089154a

    • SHA256

      edd192a65b9a5d7df1076294077e896a872bf8c6c1ab8799415f1ddaf32e0144

    • SHA512

      12b51b3782016b178b963ac7d598baf66b1c14bd04d5171c568ee82eea5f5e51fadace586053f726eb894c8f8a1dc2027e80d1e8aab5284c00c55f0705ff83a0

    • SSDEEP

      24576:oaF026oYvOqQcttZV3XzAsBahnBiSjNUwauYGA7oQb7dTcb+f9Gj4cEpFCkhzrE9:POOwtpahnESjNGv77TkmGSXEhN3U9o

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks