General

  • Target

    7a2e8d3fe9752412bf4de2e369d212ee.exe

  • Size

    288KB

  • Sample

    200731-3exvbrgmda

  • MD5

    7a2e8d3fe9752412bf4de2e369d212ee

  • SHA1

    02be732190a9828c1900659817f6a3db899fb3a0

  • SHA256

    d9439aa56b6280ff50bc666ae94cdbfd6d174dda46187dbd0de25e9aeb6edbfb

  • SHA512

    ba9cc252858e8c30dc6bd146e85d7a253cc8e391d4d50bd249ee65b1da5c4789bb354179788958add0dbea21801a2070fdd7870db2beaef60906645c10145a8e

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

giuseppe.ug:6970

asdxcvxdfgdnbvrwe.ru:6970

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    wmNKpUVCpNWhhJQblim2nnNgKrbxeGKV

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    giuseppe.ug,asdxcvxdfgdnbvrwe.ru

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6970

  • version

    0.5.7B

aes.plain

Targets

    • Target

      7a2e8d3fe9752412bf4de2e369d212ee.exe

    • Size

      288KB

    • MD5

      7a2e8d3fe9752412bf4de2e369d212ee

    • SHA1

      02be732190a9828c1900659817f6a3db899fb3a0

    • SHA256

      d9439aa56b6280ff50bc666ae94cdbfd6d174dda46187dbd0de25e9aeb6edbfb

    • SHA512

      ba9cc252858e8c30dc6bd146e85d7a253cc8e391d4d50bd249ee65b1da5c4789bb354179788958add0dbea21801a2070fdd7870db2beaef60906645c10145a8e

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Tasks