General

  • Target

    1096-57-0x00000000003B0000-0x00000000003C2000-memory.dmp

  • Size

    72KB

  • Sample

    221004-ygrd5sceep

  • MD5

    04ffd19d0f37dbfb88183ed3a2be3e16

  • SHA1

    55fc97fab3e9bb8028d0f488bfce17b9516c503f

  • SHA256

    90636b07f3e1ba7875174defe0e106aa1aa873960e3380e9cc9a5f0325bf13b6

  • SHA512

    c40645de659bde18d34c336251eea7229c49d569cc7127691f188a4efb0e8fe2e10b84d0a45c4f24982cf732cb34ca2c3742d07af2d9b1d61ba7bf359f031ef4

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Attributes
delay
8
install
true
install_file
folders.exe
install_folder
%AppData%
aes.plain

Targets

    • Target

      1096-57-0x00000000003B0000-0x00000000003C2000-memory.dmp

    • Size

      72KB

    • MD5

      04ffd19d0f37dbfb88183ed3a2be3e16

    • SHA1

      55fc97fab3e9bb8028d0f488bfce17b9516c503f

    • SHA256

      90636b07f3e1ba7875174defe0e106aa1aa873960e3380e9cc9a5f0325bf13b6

    • SHA512

      c40645de659bde18d34c336251eea7229c49d569cc7127691f188a4efb0e8fe2e10b84d0a45c4f24982cf732cb34ca2c3742d07af2d9b1d61ba7bf359f031ef4

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                    Privilege Escalation