General

  • Target

    tmp/9e8aeb69-d2d1-4cd1-9efb-8f257cfe435b_builded.exe

  • Size

    5.6MB

  • Sample

    211223-fxl59ahgdn

  • MD5

    eb036a40e921da13094a1e5b467605de

  • SHA1

    f201ea10d9bcced8b6316c6bb4b362f9e4482069

  • SHA256

    636fb66ea9946bab1538b2434f335482a35d8fd8db7f671fff8506efb39ae20c

  • SHA512

    d5196fbed1ace1442e3214318c515701a564f7c04c9da9f70166fc7053c035a92ebc86da46317c98a72afc098340c481fc7b4aaa57a7db82449fe918eb27675d

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

20.115.143.128:3152

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_file

    Microsoft Word.exe

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      tmp/9e8aeb69-d2d1-4cd1-9efb-8f257cfe435b_builded.exe

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL
