General

  • Target

    Desktop.exe

  • Size

    611KB

  • Sample

    250228-wtb4waszhy

  • MD5

    0477439dfc65222b446ca4a31c6a5bcd

  • SHA1

    17e04cdc917891b25f0f585375e142fcc140403f

  • SHA256

    4ce4ae76ccf0787e7fdbc7841c1e9e553831533b39e50c45e35c0f243e1409c8

  • SHA512

    1f584a63ce4f3301325c81a920341de79cf3d5fe8d2f4cfffc8b086a5f1b1e2d6443bcfae9067f1a224d46c55a00be85e5e8957b7658ed965ccd27eae670024f

  • SSDEEP

    6144:Bz1eXfQ+IqV6EL8aVh3ZqK8DN/ya7cLyMO84+c4Edd47BXAFk/yDwZpLptmZMDlp:qngM8K8P4ElXddah8kyDIZDWgfMAJ

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

6.tcp.ngrok.io:17720

Attributes
  • delay

    1

  • install

    true

  • install_file

    idk.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Desktop.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
