General
-
Target
f559c085934e6e7d98e6d520684196eb.exe
-
Size
45KB
-
Sample
221205-wa5xvaef7z
-
MD5
f559c085934e6e7d98e6d520684196eb
-
SHA1
3a829e2faeaa5a48556770cc159a4e291a91a9c3
-
SHA256
198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e
-
SHA512
7451ae89f1df93613069ea4056d9f23b1d8c71636487ee888b39e7887181b03c2f7183673468ead5fec2d0c50396b6545a623e6627a88f0268a68bab47d67f79
-
SSDEEP
768:SubrdT5UohzWUfpdBmo2qV6KjGKG6PIyzjbFgX3iUqaPkMapBDZHx:SubrdT5Pf2FKYDy3bCXSUqQE3dHx
Malware Config
Extracted
| Family |
asyncrat |
| Version |
0.5.7B |
| Botnet |
Default |
| C2 |
127.0.0.1:6606 127.0.0.1:7707 127.0.0.1:8808 127.0.0.1:51115 127.0.0.1:26993 127.0.0.1:19624 185.246.220.26:6606 185.246.220.26:7707 185.246.220.26:8808 185.246.220.26:51115 185.246.220.26:26993 185.246.220.26:19624 5.tcp.ngrok.io:6606 5.tcp.ngrok.io:7707 5.tcp.ngrok.io:8808 5.tcp.ngrok.io:51115 5.tcp.ngrok.io:26993 5.tcp.ngrok.io:19624 disownnet.duckdns.org:6606 disownnet.duckdns.org:7707 |
| Attributes |
delay 3
install false
install_file services.exe
install_folder %AppData% |
| aes.plain |
|
Targets
-
-
Target
f559c085934e6e7d98e6d520684196eb.exe
-
Size
45KB
-
MD5
f559c085934e6e7d98e6d520684196eb
-
SHA1
3a829e2faeaa5a48556770cc159a4e291a91a9c3
-
SHA256
198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e
-
SHA512
7451ae89f1df93613069ea4056d9f23b1d8c71636487ee888b39e7887181b03c2f7183673468ead5fec2d0c50396b6545a623e6627a88f0268a68bab47d67f79
-
SSDEEP
768:SubrdT5UohzWUfpdBmo2qV6KjGKG6PIyzjbFgX3iUqaPkMapBDZHx:SubrdT5Pf2FKYDy3bCXSUqQE3dHx
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation