General

  • Target

    fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

  • Size

    390KB

  • Sample

    220502-nvw7fafaap

  • MD5

    2777f662fe6d094fb8726aae2a6b39a6

  • SHA1

    a643a95a7f45a612f45c4d398630b8b641b49bb7

  • SHA256

    fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

  • SHA512

    d2974a64b8a780f099f5bc67d03a7d90a8824f01b12be7f3c1803c7b68772c2b1622b3864578d2fa4e636a1154ff22f1a1f821a2330bca5daa99591e962ab23e

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

travazap.duckdns.org:4040

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

travazap2.duckdns.org:2021

Mutex

3ddc53446da

Targets

    • Target

      fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

    • Size

      390KB

    • MD5

      2777f662fe6d094fb8726aae2a6b39a6

    • SHA1

      a643a95a7f45a612f45c4d398630b8b641b49bb7

    • SHA256

      fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607

    • SHA512

      d2974a64b8a780f099f5bc67d03a7d90a8824f01b12be7f3c1803c7b68772c2b1622b3864578d2fa4e636a1154ff22f1a1f821a2330bca5daa99591e962ab23e

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (1) T1053

Persistence

  • Scheduled Task (1) T1053

Privilege Escalation

  • Scheduled Task (1) T1053

Discovery

  • Query Registry (1) T1012

  • System Information Discovery (2) T1082