General

  • Target

    F5E715D046072F8716F662BB86A02BE3F13DD984ED207.exe

  • Size

    176KB

  • Sample

    221001-wqarmsagdq

  • MD5

    f8b8c7e30a0c98c7db0c64d4b925db75

  • SHA1

    928ec1e03d21f51f34da1a7c801fdce9a36b3c36

  • SHA256

    f5e715d046072f8716f662bb86a02be3f13dd984ed207562c9e8e3feb6aeab40

  • SHA512

    67d7c8c62877a0d274089ef062a85e1b0622bcb6ccfc86d3bd9234973af514e211c4a3043504c597429ade35524f314efecea75a4695bf5489e282fef3cedef3

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

zulakim.duckdns.org:6606

zulakim.duckdns.org:7707

zulakim.duckdns.org:8808

Attributes

  • delay

    3

  • install

    true

  • install_file

    dllhost.exe

  • install_folder

    %AppData%

  • aes.plain

Targets

    • Target

      F5E715D046072F8716F662BB86A02BE3F13DD984ED207.exe

    • Size

      176KB

    • MD5

      f8b8c7e30a0c98c7db0c64d4b925db75

    • SHA1

      928ec1e03d21f51f34da1a7c801fdce9a36b3c36

    • SHA256

      f5e715d046072f8716f662bb86a02be3f13dd984ed207562c9e8e3feb6aeab40

    • SHA512

      67d7c8c62877a0d274089ef062a85e1b0622bcb6ccfc86d3bd9234973af514e211c4a3043504c597429ade35524f314efecea75a4695bf5489e282fef3cedef3

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation