General

  • Target

    Bootstrapper.exe

  • Size

    102KB

  • Sample

    241109-3a44wavaqg

  • MD5

    c3d1f3320345e4f686f424dfc830d55e

  • SHA1

    a5f901cc9b310c033ef4a8469a691b3b3f22dc58

  • SHA256

    4744d244bb23331abb4bf35a693bb4354b55285a378bd1db22b13d3e61570c88

  • SHA512

    045a68da3a72a8eceedfe72f9dc4256a2ebc80c81e89cbe5da3ca2b958dcd41222edcc3c2c774b7847f91a525c52070a1aa778f62d372f143f87ceafaf4cb46b

  • SSDEEP

    3072:kuctTFw42BotoKWBbOZcFxwDFkGruq6lTPsQC9t2P:kucQB8oKabOp3/6dPnCu

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.8

  • Botnet

    Victim

  • C2

    193.161.193.99:9999

  • Mutex

    XRGxQdLGJZHf

Attributes
  • delay

    3

  • install

    true

  • install_file

    SysKeeperVLR.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Bootstrapper.exe

    • AsyncRat

      AsyncRAT is a tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks