Overview

overview

10

Static

static

3

2024-12-17...ys.exe

windows7-x64

10

2024-12-17...ys.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-17_3261d681e2c2ecf2d6c0ae058fcff49f_mafia_rhadamanthys

  • Size

    10.0MB

  • Sample

    241217-w1z5aavnhk

  • MD5

    3261d681e2c2ecf2d6c0ae058fcff49f

  • SHA1

    bca45ad9c948d579957d1448b912a25bb6fa41e6

  • SHA256

    7fefc8a574e655e534f74b031a23616d1a72b876ee3daad9ffd24fe49a3847ec

  • SHA512

    6e1df067e984c6b17337fc583038aa7cd2472950aca58edbbc1a9cf7f967fbcbe3d4b1922f88973015a87e1aaffad5624da87f3309c165c3328d891e89cea308

  • SSDEEP

    49152:Lprgw1gkZV2HXsMnmjEREseBSsxHnfXsrHYiXYiSuYk8WMi:NIYUYy

Score
10/10
asyncratsmokeediscoverypersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Smokee

C2

209.126.4.168:8848

Mutex

Jl6dTyOlKEa8qbRLi/bbkQ==

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-12-17_3261d681e2c2ecf2d6c0ae058fcff49f_mafia_rhadamanthys

    • Size

      10.0MB

    • MD5

      3261d681e2c2ecf2d6c0ae058fcff49f

    • SHA1

      bca45ad9c948d579957d1448b912a25bb6fa41e6

    • SHA256

      7fefc8a574e655e534f74b031a23616d1a72b876ee3daad9ffd24fe49a3847ec

    • SHA512

      6e1df067e984c6b17337fc583038aa7cd2472950aca58edbbc1a9cf7f967fbcbe3d4b1922f88973015a87e1aaffad5624da87f3309c165c3328d891e89cea308

    • SSDEEP

      49152:Lprgw1gkZV2HXsMnmjEREseBSsxHnfXsrHYiXYiSuYk8WMi:NIYUYy

    Score
    10/10
    asyncratsmokeediscoverypersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks