General

  • Target

    Setup2.exe

  • Size

    876KB

  • Sample

    241111-hqh65aylhq

  • MD5

    7193dc60f5cd05448775522b6cd9e3dd

  • SHA1

    8e84fcaf0bfe5beb8e257d89f5c6cfeea0f0ce06

  • SHA256

    c5ca22d2e13f9054f4daa7151ee3e22fa5c95d90c92f824935739ad0f07b87e7

  • SHA512

    897e28cf2bda22e532668207e355059d5ba74a83d30af9fe161f7b78af005ce9a8354e9efc4eff1c9851b0b4f48b52c9b83e65a8c6ddd0b440aa4d0331cf0f35

  • SSDEEP

    24576:Sb2hIbBgw40HVuM0CJKHQVlu6T27Nm4g2RrllTTWlx+F:Sb2h01HZrmDm4fRb/WlgF

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Mutex

    Aakn1515knAakn1515kn!

  • Attributes

    • c2_url_file

      http://update-checker-status.cc/OCB-Async.txt

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

    • aes.plain

Targets

    • Target

      Device/HarddiskVolume6/Users/PC/AppData/Roaming/Cached files/Setup2.exe

    • Size

      1.9MB

    • MD5

      e8346c336465cd33c3d5397db09af182

    • SHA1

      ad72d0ceea39a74a992dc363bad2eb929f764d2e

    • SHA256

      69538c5066d6d0c64a7997a501ae53b0ccb64113d8f3eb7f3a9d5462ae80823d

    • SHA512

      ab9b98ce642259c5df2de8e8091a9abfc25ea5e0c2023d55e72afb887ecf5297785f4d354b0f6015aa3daa9a7604f0e05657539f4bbf3f932bbd587d79ce1f64

    • SSDEEP

      24576:du/v3umlFc07X/IMRX9zYaF1uDp9pzWcUmN3iCyy:4++XvkaF1uDp9pzWzmN3iCy

    • AsyncRat

      AsyncRAT is a remote access tool written in C# and designed to remotely monitor and control other computers.

    • Asyncrat family

    • Modifies WinLogon for persistence

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks