General

  • Target

    Client-Built.bat

  • Size

    309KB

  • Sample

    241019-w2ql8ssgmp

  • MD5

    779ea367cf71bed6a1f3b78a48d7c3fd

  • SHA1

    a8a6caee309e724367a686ab9da2a65f3522eba0

  • SHA256

    53666bd18a4e85ff72aac790ea41f603e3d0ce78d12a22bfcdb2e46d1f1d4afd

  • SHA512

    8e54f78210ec383fd24e2fe0bc0beb2d0aad0536443fe88e5f8f10959913bd66000d6448219f3137589c707c85a5e3cac3b03d6fb68cc942543ee51f1e5faa94

  • SSDEEP

    6144:L3pboxHrffvx5qjFakMpbeZuwRLfktxH44ScYQafuqzyFhSd90:LxOrfOupiRLQScYLfuDFs90

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

runderscore00-37568.portmap.host:37568

Attributes
  • delay

    3

  • install

    true

  • install_file

    Minecraft.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Client-Built.bat

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks