General

  • Target

    sample.exe

  • Size

    487KB

  • Sample

    250302-ns76xstths

  • MD5

    8ae9c2ead6c980322b959c4aca64b4c8

  • SHA1

    e5117fc1b397e21ba43417eb508597ff94634ccc

  • SHA256

    49ee111089c9f7f33da5e94c32acfacd961b7a94fa19a8625f51ff8a3e537ed2

  • SHA512

    e381fe41b7cb5386ba6fdc2c162889b7fde9b01bec7be724632d101435ad6c7a863151c109cef097c82b7f9fce58ee8a709d643158137776a01b06f802ce08ea

  • SSDEEP

    3072:vZZAND/mYD2dfg2RSxsX1Kv7KErb3FrKp:vZ4/m9rEmFq7KOy

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

hhhhjkjkjkg-50583.portmap.host:50583

Mutex

p0Ib2dTzhMIg

Attributes
  • delay

    3

  • install

    true

  • install_file

    Clock_Application.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks