General

  • Target

    2024-10-24_a1bc90eb0593fff728ebdb07fa5be49d_mafia_rhadamanthys

  • Size

    2.4MB

  • Sample

    241024-hjrvpazcln

  • MD5

    a1bc90eb0593fff728ebdb07fa5be49d

  • SHA1

    4d4a732df8f1f78e3084c00e2c3dacfbbb411abc

  • SHA256

    a306e433e72c97ac9016f9f260f882362d7dfa8735f86384ee70046304430e25

  • SHA512

    0ee42280d3d11d87db579e6dea847cc672f15e9fedd642d66921f759558b95f970674e310c4b41d2efc99524dda54e65411586815f9866dc8b71c2716fb8b0b6

  • SSDEEP

    49152:azJioJ67eQD9rSlAthuDZzjz4YVw7bf33fKo:jnJudzjz4YAT

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

OCTU21

C2

mnnioudfd.duckdns.org:8010

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-10-24_a1bc90eb0593fff728ebdb07fa5be49d_mafia_rhadamanthys

    • Size

      2.4MB

    • MD5

      a1bc90eb0593fff728ebdb07fa5be49d

    • SHA1

      4d4a732df8f1f78e3084c00e2c3dacfbbb411abc

    • SHA256

      a306e433e72c97ac9016f9f260f882362d7dfa8735f86384ee70046304430e25

    • SHA512

      0ee42280d3d11d87db579e6dea847cc672f15e9fedd642d66921f759558b95f970674e310c4b41d2efc99524dda54e65411586815f9866dc8b71c2716fb8b0b6

    • SSDEEP

      49152:azJioJ67eQD9rSlAthuDZzjz4YVw7bf33fKo:jnJudzjz4YAT

    • AsyncRat

      AsyncRAT is a remote access trojan written in C# that is designed to remotely monitor and control other computers. The extracted mutex DcRatMutex_qwqdanchun is the default mutex of DcRat, a fork of AsyncRAT by qwqdanchun, so the configured payload is most likely DcRat or a close derivative rather than stock AsyncRAT.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
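The following triage helper is an added example and not part of the sandbox report or the AsyncRAT/DcRat project. It takes the indicators the report extracted (file hashes, the DuckDNS C2 host and port, the mutex) plus the Run-key persistence the signature list flags, and runs them over constructed, Sysmon-like event records. The event schema (`type` of `dns`, `net`, `registry` or `mutex`) and the "any duckdns.org host is a weak signal" heuristic are my assumptions; the report only names the one host. Note the extracted config has `install` set to `false`, yet the signature section still reports a Run key being added, so the registry check is kept regardless of what the config claims.

```python
"""IOC matcher for the AsyncRAT/DcRat sample in the report above.

Added example, not code from the report or the malware project. Event
records use a constructed, Sysmon-like shape (assumed schema):
    {"type": "dns"|"net"|"registry"|"mutex", ...}
"""
import hashlib
import re

# Indicators copied from the report.
IOC_MD5 = "a1bc90eb0593fff728ebdb07fa5be49d"
IOC_SHA256 = "a306e433e72c97ac9016f9f260f882362d7dfa8735f86384ee70046304430e25"
IOC_C2_HOST = "mnnioudfd.duckdns.org"
IOC_C2_PORT = 8010
IOC_MUTEX = "DcRatMutex_qwqdanchun"

# Heuristic (my assumption, not from the report): any duckdns.org host is a
# weak signal, since dynamic-DNS C2 is common but legitimate use exists.
DYNDNS_SUFFIX = ".duckdns.org"
# Run-key persistence path the signature section flags.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)

# Any one of these is enough to call the host compromised.
STRONG = {"c2-host", "dcrat-mutex"}


def file_hash_matches(data: bytes) -> dict:
    """Compare a file's MD5/SHA256 with the sample's; per-algorithm booleans."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
    }


def classify_event(event: dict) -> list:
    """Return the indicator tags one event record triggers (empty if clean)."""
    tags = []
    kind = event.get("type")
    if kind == "dns":
        query = event.get("query", "").lower().rstrip(".")
        if query == IOC_C2_HOST:
            tags.append("c2-host")
        elif query.endswith(DYNDNS_SUFFIX):
            tags.append("dyndns-host")
    elif kind == "net":
        if event.get("dst_host", "").lower() == IOC_C2_HOST:
            tags.append("c2-host")
            if event.get("dst_port") == IOC_C2_PORT:
                tags.append("c2-port")
    elif kind == "registry":
        if RUN_KEY_RE.search(event.get("key", "")):
            tags.append("run-key-persistence")
    elif kind == "mutex":
        if event.get("name") == IOC_MUTEX:
            tags.append("dcrat-mutex")
    return tags


def triage(events: list) -> dict:
    """Scan a list of events; return per-tag counts and an overall verdict."""
    counts = {}
    for ev in events:
        for tag in classify_event(ev):
            counts[tag] = counts.get(tag, 0) + 1
    if STRONG.intersection(counts):
        verdict = "malicious"
    elif counts:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"counts": counts, "verdict": verdict}


# Constructed sample events (not real telemetry) mirroring the reported behaviour.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "mnnioudfd.duckdns.org"},
    {"type": "net", "dst_host": "mnnioudfd.duckdns.org", "dst_port": 8010},
    {"type": "mutex", "name": "DcRatMutex_qwqdanchun"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"type": "dns", "query": "www.example.com"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The mutex and the exact C2 host are treated as strong indicators because both are sample-specific; a lone DuckDNS lookup or Run-key write only raises the verdict to "suspicious", since either occurs in benign software too.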

MITRE ATT&CK Enterprise v15

Tasks