Overview

overview

10

Static

static

3

prooo.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    prooo.exe

  • Size

    630KB

  • Sample

    240705-l5bx5syfld

  • MD5

    b1f8551f746394ecefd44ed295db08d5

  • SHA1

    23ecd8884b36a4e3d07efbd7cfce3e5b7269bdec

  • SHA256

    95f31e32627f0f3934cd45c6d4dbd3783799b32b58cb22460553f6e142d8056d

  • SHA512

    5e956230183e9f1286520b880e0472515fb0b1f9f13781c0ec24521260df93ddaeb043b6d91465994f8cf3b037f339153528157eadc29100a871126fbe859029

  • SSDEEP

    12288:LBdlwHRn+WlYV+tLIpPWJr/GwUtmr0HfrBqIIjbSf2L0si:LBkVdlYAZIpPWJr/9Utmr0HfrBqIIj+P

Score
10/10
asyncratdefaultransomwarerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

five-sequences.gl.at.ply.gg:47561

Mutex

1MTTlV03LJRj

Attributes
  • delay

    3

  • install

    true

  • install_file

    pro.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      prooo.exe

    • Size

      630KB

    • MD5

      b1f8551f746394ecefd44ed295db08d5

    • SHA1

      23ecd8884b36a4e3d07efbd7cfce3e5b7269bdec

    • SHA256

      95f31e32627f0f3934cd45c6d4dbd3783799b32b58cb22460553f6e142d8056d

    • SHA512

      5e956230183e9f1286520b880e0472515fb0b1f9f13781c0ec24521260df93ddaeb043b6d91465994f8cf3b037f339153528157eadc29100a871126fbe859029

    • SSDEEP

      12288:LBdlwHRn+WlYV+tLIpPWJr/GwUtmr0HfrBqIIjbSf2L0si:LBkVdlYAZIpPWJr/9Utmr0HfrBqIIj+P

    Score
    10/10
    asyncratdefaultransomwarerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks