General

  • Target: Point.exe
  • Size: 876KB
  • Sample: 241111-h3edpsvjhy
  • MD5: 01bb9cf639c07881346cbbc4259894c5
  • SHA1: 347a92f8e5bca9be6ce404cf2ab9ac7ea206f33b
  • SHA256: b9e3abc9175b1023acf9e275188dc29ad3b03863d77c4f98d9b5c2518db5b54e
  • SHA512: eab50e75c6a9d3d3417c607831fadb79a907dcf40b2f587bc9d01bdc9b8c2590226e1d660bf35a058cb7e417b7912d0bf795cbd617bd57bd7125130e5e16f1be
  • SSDEEP: 24576:5y6yixNzHlgYZWp4zaH0nJzQhwNnW0EYmAZFk/48qPn:tyOH4WuH0nNQ2A0Excbn/

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • Mutex: Aakn1515knAakn1515kn!
  • Attributes
    • c2_url_file: http://update-checker-status.cc/OCB-Async.txt
    • delay: 3
    • install: false
    • install_folder: %AppData%
    • aes.plain

Targets

    • Target: Device/HarddiskVolume6/Users/PC/AppData/Roaming/Pointe/Point.exe
    • Size: 1.9MB
    • MD5: e8346c336465cd33c3d5397db09af182
    • SHA1: ad72d0ceea39a74a992dc363bad2eb929f764d2e
    • SHA256: 69538c5066d6d0c64a7997a501ae53b0ccb64113d8f3eb7f3a9d5462ae80823d
    • SHA512: ab9b98ce642259c5df2de8e8091a9abfc25ea5e0c2023d55e72afb887ecf5297785f4d354b0f6015aa3daa9a7604f0e05657539f4bbf3f932bbd587d79ce1f64
    • SSDEEP: 24576:du/v3umlFc07X/IMRX9zYaF1uDp9pzWcUmN3iCyy:4++XvkaF1uDp9pzWzmN3iCy

    • AsyncRat: AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Modifies WinLogon for persistence

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks