General

  • Target

    mevlbkxshp.ps1

  • Size

    119KB

  • Sample

    220415-pl6j7acag2

  • MD5

    cc55cf5d17726a6137c51fecff65659f

  • SHA1

    039339bd25e0a3a6183d1c848007377f939eeb04

  • SHA256

    2d97a2fb3bb70289266079670be42efa882a361e922dee6a109884222b3336d6

  • SHA512

    8df91c615f07b9b722616a4e43a6869ce701d4eb82be43c2e7eaee43845f5b61e657c918d741d65459b7fe9c96ebde4ff6811398f1e63e57d205e9411bfb905a

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

rick63.publicvm.com:5900

Mutex

DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • Async RAT payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks