General

  • Target

    Infected.exe

  • Size

    63KB

  • Sample

    241019-wc1qxa1dlr

  • MD5

    a63400efe58b3ff95cbdc1c101f18751

  • SHA1

    dc8b76f2ef8b99bc500b36cb836fc522127d2186

  • SHA256

    a108c1d0db9a98a9da88179ef4b244a8c37f01134c9727343f131b5a04109a89

  • SHA512

    bc35161f6017dce82ddf2c5c98ba429168ecf30e4126e99467f3e6bc4d101bc71c4570a24df4c656ddb40bef22b7b31c6ebdae130210672c5213b9e209c7b0cb

  • SSDEEP

    768:Cmxvn0zXf78NwC8A+XU2azcBRL5JTk1+T4KSBGHmDbD/ph0oXlUMZhSusdpqKYhg:LQXDLdSJYUbdh92/usdpqKmY7

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

147.185.221.23:28959

Attributes
  • delay

    1

  • install

    true

  • install_file

    Windows Startup.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Infected.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
