General

  • Target

    A.ps1

  • Size

    341KB

  • Sample

    220706-tktlfsggf5

  • MD5

    bab2e1ffac6380d3cf78dab6a518043c

  • SHA1

    3b1316722ecfcac5e091df43926c5556e56b2484

  • SHA256

    dc06a80957d67f15f51dac150d3cd1a2aeb46851c9783550048eb68092f13f90

  • SHA512

    a32843fde56f5f6e57427d3861f63f037cd2bad47b529029ef443a6abdc82934654971134ef8da37918a0fb9487848d7a4aeff9f7cf2bbf0b9b4eafb0feee85a

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

EID

C2

4dod.ddns.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      A.ps1

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks