Overview

overview

10

Static

static

3

2025-01-31...re.exe

windows7-x64

3

2025-01-31...re.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-31_be9070cef329332f8afa74c091d2ef15_bkransomware

  • Size

    4.3MB

  • Sample

    250131-fc5rvsylew

  • MD5

    be9070cef329332f8afa74c091d2ef15

  • SHA1

    d1d836e7885404d6986e39907c361f3eedb76b5a

  • SHA256

    9f5a7d655c1227e0ea7e7409d1aaefb956d3655c6125b757fc000e3eba8b8ea0

  • SHA512

    2968ce1d7daadeb3bf551600cde8273a57a79ed443fea16104859d40de4b2ab28e69bd6cf3e5dab80101cbf4c192bdd8e152630bf78093d17e094638554ff6ed

  • SSDEEP

    98304:vCxRXOhEc2MgYHTpnDUSU+zjsT7jpe6B5j:vphd2MgexUSUEjsT7jpF5j

Score
10/10
asyncratchinoodiscoverypersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

CHINOO

C2

94.156.166.213:1700

Mutex

QVWooU1TCzqX

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2025-01-31_be9070cef329332f8afa74c091d2ef15_bkransomware

    • Size

      4.3MB

    • MD5

      be9070cef329332f8afa74c091d2ef15

    • SHA1

      d1d836e7885404d6986e39907c361f3eedb76b5a

    • SHA256

      9f5a7d655c1227e0ea7e7409d1aaefb956d3655c6125b757fc000e3eba8b8ea0

    • SHA512

      2968ce1d7daadeb3bf551600cde8273a57a79ed443fea16104859d40de4b2ab28e69bd6cf3e5dab80101cbf4c192bdd8e152630bf78093d17e094638554ff6ed

    • SSDEEP

      98304:vCxRXOhEc2MgYHTpnDUSU+zjsT7jpe6B5j:vphd2MgexUSUEjsT7jpF5j

    Score
    10/10
    discoveryasyncratchinoopersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks