Overview

overview

10

Static

static

3

Archivo_Le...2..exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Archivo_Legal.N_83782..exe.zip

  • Size

    1.1MB

  • Sample

    241121-nh98ja1rbt

  • MD5

    6620fe46a80eb9ad4b8812c53b833c73

  • SHA1

    b99e43574a06f39963133cfbc3f76026103176d8

  • SHA256

    a933ba6578c19ab0865e9a59089149b8d4f24a0ec2e352a94907077017969eb5

  • SHA512

    83c42f2d904b8d9a5c20e61f28fc8ea9fba2fef17a8008514748c99a1aa71a1fcb5a7674a1fa497a1aa05081a7b882cae75e04430bcd92fb90d8ff802599a97b

  • SSDEEP

    24576:WBG6/N641VC235uOpYOM0/e0oBFZOqIOUTmwCjF7e51h:F6/NN1L35uOpf/qOq8mRY

Score
10/10
asyncratzzz-oct-31discoverypersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

ZZZ-oct-31

C2

word8328.duckdns.org:8328

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Archivo_Legal.N_83782..exe.bin

    • Size

      2.0MB

    • MD5

      e50b7f6610b164e7530bbd93a2d5c1fb

    • SHA1

      90612e7419eb58c68ad77815ec3439a637c2b0b6

    • SHA256

      311934efae99b694091136c03c7277823018818578c5993e77ddbedd3ae1a166

    • SHA512

      00b5e406703f3e7a9c18dcf7d51e1a9bf1f562ed21cab0f756e3e2ad0f76a69f24f74ec97f2917297de3a32d04c184ebef16307c7eac4538cf39fc95cfc19450

    • SSDEEP

      49152:+hTolMUpPhcAcGaMJ3RYHxUVQgAk10KXBLmKS2EcnQUXj6SELV6HKcnkkdK9lQJf:+kJXV8gdswN/DTFDR

    Score
    10/10
    asyncratzzz-oct-31discoverypersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks