General

  • Target

    Discord Annocument Bot‮nls..scr

  • Size

    658KB

  • Sample

    221202-fv3p8aff89

  • MD5

    1ab8dbca5e2bba39723f00907d266de7

  • SHA1

    729cb808637568f20ac886b3fac5f3cf5ff01dee

  • SHA256

    c6dda31fa6cb4ce140f62c9ce604672fa4a9ba5d1792f2d77f3cfcb43b3227ac

  • SHA512

    d1a31848eb9b683793afd36031ef8078ff962c2526272782cf2fca8db11afb71643a46b9ad6bce3ba8dba1b638672205726f6e96c7dd3e887228a2368ec08081

  • SSDEEP

    12288:3oSO5i2eVUIvybKcEz4MM7S9HdKINesX7j6p9PI8GS0oN2:3ouTVUIvtH4H7aLeO23gRoY

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

System Guard Runtime

C2

85.105.88.221:2531

Mutex

System Guard Runtime

Attributes
  • delay

    3

  • install

    false

  • install_file

    System Guard Runtime

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Discord Annocument Bot‮nls..scr

    • Size

      658KB

    • MD5

      1ab8dbca5e2bba39723f00907d266de7

    • SHA1

      729cb808637568f20ac886b3fac5f3cf5ff01dee

    • SHA256

      c6dda31fa6cb4ce140f62c9ce604672fa4a9ba5d1792f2d77f3cfcb43b3227ac

    • SHA512

      d1a31848eb9b683793afd36031ef8078ff962c2526272782cf2fca8db11afb71643a46b9ad6bce3ba8dba1b638672205726f6e96c7dd3e887228a2368ec08081

    • SSDEEP

      12288:3oSO5i2eVUIvybKcEz4MM7S9HdKINesX7j6p9PI8GS0oN2:3ouTVUIvtH4H7aLeO23gRoY

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks