General

  • Target

    dll-cleaned.exe

  • Size

    130KB

  • Sample

    210113-mf9lnbqcjx

  • MD5

    691502fd02493f30d58d7802e1f2db41

  • SHA1

    e23da718103e8653f3923e40c819ffa8b0896ce8

  • SHA256

    0388cc1f9283d7588c11c2a29f3b8558f588811449f32ebff5e5ebf931ffeb82

  • SHA512

    4c799b7538fbed61f2d2b59964ee50896619d24421c483805209ef5e53b2604d760cd49a80424c53c7d5c89dd630ab26a7ab509df1fe0699ab42353c966c71e7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

23112020.ddns.net:1231

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    tSTqwE1Vnue4SH2KuKjIVUBSuPclsXSq

  • anti_detection

    false

  • autorun

    true

  • bdos

    false

  • delay

    Default

  • host

    23112020.ddns.net

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    1231

  • version

    0.5.7B

aes.plain

Targets

    • Target

      dll-cleaned.exe

    • Size

      130KB

    • MD5

      691502fd02493f30d58d7802e1f2db41

    • SHA1

      e23da718103e8653f3923e40c819ffa8b0896ce8

    • SHA256

      0388cc1f9283d7588c11c2a29f3b8558f588811449f32ebff5e5ebf931ffeb82

    • SHA512

      4c799b7538fbed61f2d2b59964ee50896619d24421c483805209ef5e53b2604d760cd49a80424c53c7d5c89dd630ab26a7ab509df1fe0699ab42353c966c71e7

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Tasks