General

  • Target

    KINGSAMMETEXTUREPACK 2.2 EDITION.zip

  • Size

    208KB

  • Sample

    241130-y9xrmaylan

  • MD5

    6cc48cafe20a0536709f5c53d9c2a7f6

  • SHA1

    68388ee3a854c98d4616c8a780707f95b1816eb6

  • SHA256

    2e66192d151718fc4fdbc392650f601e8aaa0294855433d03fca9d58e22b8ce0

  • SHA512

    7e26d52a0c5acd41694ee5d8a1833b5130e2e704a5431bb2c02ee00a7bd81b45b0d84d5dd15b921c590eeed143090f6abced7c87d83fc1327ecfedcb2b6f5141

  • SSDEEP

    6144:G+tvKpz0/mtg6vYZQcTUqZfCd2sQrTqLUV/9WcM:Gf0+aZTUqZ423nkqPM

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

t3dbEcXv0Sbl

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • A potential corporate email address has been identified in the URL: [email protected]

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15