General

  • Target

    dgsdz.ps1

  • Size

    370KB

  • Sample

    250226-v5vvpaxths

  • MD5

    ed662ea761878747aeeccc0d5f9c2765

  • SHA1

    b60225ab75f021de43dbb00f6d05ee81b267bc89

  • SHA256

    ffba22afc44c4e40cbc825b0447eed9785075b08b49968554a5a97364d90c7f6

  • SHA512

    66d0ea412dec18d5476b08d7acc9d410449ac07cde815b8dd6adb2249f98c13efde2c0c41a0126f46a0573da1c35e77d937be9f8c5adfd20eae8a443f3ea1f8a

  • SSDEEP

    6144:tVWlLScImiGE/hKPQSeAZa7/eNflVfxRBJfl19y1+0xmqjUhZKK8Ep0ouqGImwkC:tVWlLScImiGE/UQSeAZa7/eNflVfxRBd

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:7949

190.111.98.121:6606

190.111.98.121:7707

190.111.98.121:8808

190.111.98.121:7949

Mutex

HcVP12uSXdt0

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

Targets

    • AsyncRat

      AsyncRAT, written in C#, is a remote access trojan designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks