Overview

overview

10

Static

static

1

2024-12-19...ys.exe

windows7-x64

1

2024-12-19...ys.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-19_03b9fa614f68e3015bc73fb72b9abe41_avoslocker_hijackloader_luca-stealer_rhadamanthys

  • Size

    10.0MB

  • Sample

    241219-ebyrgsxlej

  • MD5

    03b9fa614f68e3015bc73fb72b9abe41

  • SHA1

    2a188db911e4005083f4e8ec121435dd78bb485a

  • SHA256

    49735d3992131f165199287d0b5997dfa8e035a10177ea556e957d3cac7a1cb4

  • SHA512

    2da0f16a883388b0c84ca727eb40eeb1d60703d695e359b6bf16d8b0e43ab44d73acfda9c38343cd948df158017e90754e0f70fcea25cb48ad8c9587c90a56f0

  • SSDEEP

    49152:NRr+LfDw1gczio6kW4jxnTs7ArxNWgZQNX:ufsjzi/ijxnTs7QxN2

Score
10/10
asyncrat29agodiscoverypersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

29Ago

C2

trackboxing.dynuddns.net:11203

Mutex

DcRatMutex_q77

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-12-19_03b9fa614f68e3015bc73fb72b9abe41_avoslocker_hijackloader_luca-stealer_rhadamanthys

    • Size

      10.0MB

    • MD5

      03b9fa614f68e3015bc73fb72b9abe41

    • SHA1

      2a188db911e4005083f4e8ec121435dd78bb485a

    • SHA256

      49735d3992131f165199287d0b5997dfa8e035a10177ea556e957d3cac7a1cb4

    • SHA512

      2da0f16a883388b0c84ca727eb40eeb1d60703d695e359b6bf16d8b0e43ab44d73acfda9c38343cd948df158017e90754e0f70fcea25cb48ad8c9587c90a56f0

    • SSDEEP

      49152:NRr+LfDw1gczio6kW4jxnTs7ArxNWgZQNX:ufsjzi/ijxnTs7QxN2

    Score
    10/10
    asyncrat29agodiscoverypersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks