General

  • Target

    a30c4e2df29a72898ce19eca7d660b90.exe

  • Size

    45KB

  • Sample

    220702-a8fjysdfc7

  • MD5

    a30c4e2df29a72898ce19eca7d660b90

  • SHA1

    c2e7506035e3254dd668c2998a9de224019e3ff0

  • SHA256

    8894823b84c7cde71ed40ade5752da9d7e24ef4cfc2079667a6db6343ce28ac0

  • SHA512

    34eb970ba4f07ac5eb677a3f3d5afe776361cb714e06e71056c7a1cb3b4ec419bc05cd5aa778253bf41477ea92c8e0075e19fc336f16b3ec17a38a3fd188d6ca

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:3131

20.54.113.5:6606

20.54.113.5:7707

20.54.113.5:8808

20.54.113.5:3131

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      a30c4e2df29a72898ce19eca7d660b90.exe

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload
