General

  • Target

    77fc7e85046431ddb8949e26c334dfdbbcdaa13a4ef2cd026176ef2285c168aa.exe

  • Size

    576KB

  • Sample

    250124-znb4gaxras

  • MD5

    2ad135e9fb82394b01a1112ea006893c

  • SHA1

    cbff8d839eeacff851d28c9222978503e096c380

  • SHA256

    77fc7e85046431ddb8949e26c334dfdbbcdaa13a4ef2cd026176ef2285c168aa

  • SHA512

    2e06576149c93ca4da6cad84239c181606b664d600d138b58c247c869b97532e8be64d2e55b59ba2b47b67225844a8af8983fa8f2a38bf09510fdf5fa5a85cc8

  • SSDEEP

    12288:Q586WhRSUunfs6rKT+UBambajgb8clA/C8GRzS/Z:n6NnfQTjSOlA9GRzSB

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

COKE

C2

quin.ydns.eu:1962

quin.ydns.eu:1940

185.38.142.240:1962

185.38.142.240:1940

Mutex

dLOEY8XRq1oB

Attributes

  • delay

    3

  • install

    false

  • install_file

    windowsBook.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      77fc7e85046431ddb8949e26c334dfdbbcdaa13a4ef2cd026176ef2285c168aa.exe

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks