General

  • Target

    4661d321d22ead59aa1dcf7805b9680e.exe

  • Size

    156KB

  • Sample

    221128-yx89wsdc89

  • MD5

    4661d321d22ead59aa1dcf7805b9680e

  • SHA1

    0e87ec191765cbb62e9103e4cebc754314002e7d

  • SHA256

    4ecdc9f6ebd035e8738d54d42686d571b2723c3c07b431e9cd551cfe1d09b8d1

  • SHA512

    33d35b16524a010dbb08155708a9a6ed217d677ad4121e84131a1e1c59cd5fc0baa1f9dc1289bcc57e63be7dbc271d82008080a9acc8a30ba9fee10a4f511832

  • SSDEEP

    3072:O6HomkMh4smo4GvX9m7+VBe16y71T+w/2FbM44:3+obvtIZIy7Wl

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

xxxprofxxx.dnsdojo.com:5126

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      4661d321d22ead59aa1dcf7805b9680e.exe

    • Size

      156KB

    • MD5

      4661d321d22ead59aa1dcf7805b9680e

    • SHA1

      0e87ec191765cbb62e9103e4cebc754314002e7d

    • SHA256

      4ecdc9f6ebd035e8738d54d42686d571b2723c3c07b431e9cd551cfe1d09b8d1

    • SHA512

      33d35b16524a010dbb08155708a9a6ed217d677ad4121e84131a1e1c59cd5fc0baa1f9dc1289bcc57e63be7dbc271d82008080a9acc8a30ba9fee10a4f511832

    • SSDEEP

      3072:O6HomkMh4smo4GvX9m7+VBe16y71T+w/2FbM44:3+obvtIZIy7Wl

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks