General

  • Target

    1590B1512142D6C974828FC11958A9A5FFDB6673A584B.exe

  • Size

    309KB

  • Sample

    221004-yd4v3acedr

  • MD5

    f4e3415d68ba7564f1400b74e4d7e22b

  • SHA1

    a4a3b80c28db771c0b15c543daa56a229467fdf3

  • SHA256

    1590b1512142d6c974828fc11958a9a5ffdb6673a584b15fda7f93768f639a54

  • SHA512

    8c1a0d8db17301bdc6e2e3c16f953c1fd69ba76e887c797d64eb952155dc204a11b8f04181207cae7723aebddf638031e96225131a2006d07c43eb0555f207d7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Attributes
delay: 8
install: true
install_file: folders.exe
install_folder: %AppData%
aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation