Overview

overview

10

Static

static

3

43d23d2daf...bc.exe

windows7-x64

10

43d23d2daf...bc.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43d23d2daf0c714f7c45a0b51af8504b8c4c76c63425f0697c33f86794c6d3bc.exe

  • Size

    764KB

  • Sample

    250209-crtflasjfz

  • MD5

    0b17e7163977ae54e5a77b139e9430df

  • SHA1

    7513c996cdb9e33c3e1d284a9647c62cfed21aa4

  • SHA256

    43d23d2daf0c714f7c45a0b51af8504b8c4c76c63425f0697c33f86794c6d3bc

  • SHA512

    4929cdae865ee5b0276856594384f497a75385beeef6a45bac3d0fa3357184c30aecfc3210fff8bfbd54a0dff320416aca1cb59636947b5320c9f1aad9ec4183

  • SSDEEP

    12288:uztzaOCxk8Z73coqVY9y9rMuuctPygqMQBqlAyk7ymQVuGiIA1WXZL0CeEEjQp8u:uztWOCa8Zy4WAu1ZqZklAn0xi1WpL07W

Score
10/10
asyncratguloaderdefaultdiscoverydownloaderpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

109.248.151.187:49181

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      43d23d2daf0c714f7c45a0b51af8504b8c4c76c63425f0697c33f86794c6d3bc.exe

    • Size

      764KB

    • MD5

      0b17e7163977ae54e5a77b139e9430df

    • SHA1

      7513c996cdb9e33c3e1d284a9647c62cfed21aa4

    • SHA256

      43d23d2daf0c714f7c45a0b51af8504b8c4c76c63425f0697c33f86794c6d3bc

    • SHA512

      4929cdae865ee5b0276856594384f497a75385beeef6a45bac3d0fa3357184c30aecfc3210fff8bfbd54a0dff320416aca1cb59636947b5320c9f1aad9ec4183

    • SSDEEP

      12288:uztzaOCxk8Z73coqVY9y9rMuuctPygqMQBqlAyk7ymQVuGiIA1WXZL0CeEEjQp8u:uztWOCa8Zy4WAu1ZqZklAn0xi1WpL07W

    Score
    10/10
    asyncratguloaderdefaultdiscoverydownloaderpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      e23600029d1b09bdb1d422fb4e46f5a6

    • SHA1

      5d64a2f6a257a98a689a3db9a087a0fd5f180096

    • SHA256

      7342b73593b3aa1b15e3731bfb1afd1961802a5c66343bac9a2c737ee94f4e38

    • SHA512

      c971f513142633ce0e6ec6a04c754a286da8016563dab368c3fac83aef81fa3e9df1003c4b63d00a46351a9d18eaa7ae7645caef172e5e1d6e29123ab864e7ac

    • SSDEEP

      192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks