General

  • Target

    26e657df0e518cad1107765e55ffa3af3dd71a3c70b07ce69c31f7ebaaa145b2

  • Size

    196KB

  • Sample

    230129-1b69hseh8t

  • MD5

    035de7c27c7be916b5f3320e895c61ac

  • SHA1

    84159edae207759230fdc0ffebc46a54acf73e98

  • SHA256

    26e657df0e518cad1107765e55ffa3af3dd71a3c70b07ce69c31f7ebaaa145b2

  • SHA512

    aea1b617fd2441eb73ada7fcd2b75255bb6b764837d6adf962adbe460a5060a19a3d0c98ce819b2711720bf9dc9c4c9cd67d88f81727d5ecec64be3bd40a3560

  • SSDEEP

    6144:bzWJFc3d3B6Nt53jrSrKZLehQS/xvlZ6/:663B6Nt53n6Q4Vg

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

mr7bashbab.ddns.net:6606

mr7bashbab.ddns.net:7707

mr7bashbab.ddns.net:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    OBS.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      26e657df0e518cad1107765e55ffa3af3dd71a3c70b07ce69c31f7ebaaa145b2

    • Size

      196KB

    • MD5

      035de7c27c7be916b5f3320e895c61ac

    • SHA1

      84159edae207759230fdc0ffebc46a54acf73e98

    • SHA256

      26e657df0e518cad1107765e55ffa3af3dd71a3c70b07ce69c31f7ebaaa145b2

    • SHA512

      aea1b617fd2441eb73ada7fcd2b75255bb6b764837d6adf962adbe460a5060a19a3d0c98ce819b2711720bf9dc9c4c9cd67d88f81727d5ecec64be3bd40a3560

    • SSDEEP

      6144:bzWJFc3d3B6Nt53jrSrKZLehQS/xvlZ6/:663B6Nt53n6Q4Vg

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks