General

  • Target

    ae985be1b98f0706f898b14d70f7872216b85e089d3688f1fec8239472363874

  • Size

    243KB

  • Sample

    230129-1bdxzaeh5w

  • MD5

    b7edac01c73f64872f1998edf01c7f3f

  • SHA1

    90c06e96ff92da3e3eac8bec02de2f89f8a21cce

  • SHA256

    ae985be1b98f0706f898b14d70f7872216b85e089d3688f1fec8239472363874

  • SHA512

    7a6f04da1abe8c076c7d8d0ce78c1f66ea2d3fa9966024ab49977f9fa7760405a015260cd1085ea363fc2a57709ea48cc28c171ccf896d28849397bb2f74ae67

  • SSDEEP

    6144:mplePgaFKVfi+rwKFiPjoe84UcOBrKZ+PmEObXi+IUDKdzaOKln6PmiK1qnHiLrM:mplU7FKVfi+rwKFiPjoe84UcOBrKZ+P1

Score
10/10

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    20.188.60.159:1881

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      true

    • install_file

      test.exe

    • install_folder

      %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count  ID
  Execution              Scheduled Task                 1      T1053
  Persistence            Scheduled Task                 1      T1053
  Privilege Escalation   Scheduled Task                 1      T1053
  Discovery              Query Registry                 1      T1012
  Discovery              System Information Discovery   2      T1082
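The extracted configuration and the ATT&CK mapping above translate directly into host indicators: the C2 endpoint, the install path (%AppData% expands to C:\Users\<user>\AppData\Roaming on a default Windows install), the mutex name, and a scheduled-task creation for the dropped file (T1053). The script below is an added example, not part of the sandbox report, that sweeps host telemetry for those indicators. The event records, their field names (type, Computer, Image, CommandLine, DestinationIp, DestinationPort, Name) and the schtasks command line are constructed here to resemble Sysmon-style exports; they are assumptions, not the sandbox's own data or schema.

```python
"""IOC sweep derived from the extracted AsyncRAT configuration.

Added example for this report. The telemetry below is constructed to look like
Sysmon-style records; field names are assumptions, not the sandbox's schema.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators copied from the Malware Config section of the report.
C2_HOST = "20.188.60.159"
C2_PORT = 1881
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FILE = "test.exe"
# %AppData% resolves to C:\Users\<user>\AppData\Roaming on a default install.
INSTALL_PATH_RE = re.compile(
    r"\\AppData\\Roaming\\" + re.escape(INSTALL_FILE) + r"$", re.IGNORECASE
)
# The report maps the sample to T1053 (Scheduled Task); match schtasks /create.
SCHTASKS_RE = re.compile(r"\bschtasks(?:\.exe)?\b.*?/create\b", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    reason: str
    technique: str  # ATT&CK ID from the matrix above, or "" where the page gives none
    host: str


def check_event(ev: dict) -> list[Hit]:
    """Return every indicator a single event matches."""
    hits: list[Hit] = []
    host = ev.get("Computer", "?")
    kind = ev.get("type")
    if kind == "process":
        image = ev.get("Image", "")
        cmd = ev.get("CommandLine", "")
        if INSTALL_PATH_RE.search(image):
            hits.append(Hit("install_file executed from install_folder (%AppData%)", "", host))
        if SCHTASKS_RE.search(cmd) and INSTALL_FILE.lower() in cmd.lower():
            hits.append(Hit("scheduled task created for install_file", "T1053", host))
    elif kind == "network":
        if ev.get("DestinationIp") == C2_HOST:
            port = int(ev.get("DestinationPort", -1))
            if port == C2_PORT:
                hits.append(Hit("connection to extracted C2 %s:%d" % (C2_HOST, C2_PORT), "", host))
            else:
                # Same C2 host on another port: lower confidence, still worth review.
                hits.append(Hit("connection to C2 host on non-config port %d (review)" % port, "", host))
    elif kind == "mutex":
        # Sysmon does not log mutexes; this record type is assumed to come from a
        # handle or memory scan exported per host.
        if ev.get("Name") == MUTEX:
            hits.append(Hit("AsyncRAT mutex present", "", host))
    return hits


def sweep(events: list[dict]) -> dict[str, list[Hit]]:
    """Group hits per host so an analyst sees which machines need triage."""
    per_host: dict[str, list[Hit]] = {}
    for ev in events:
        for hit in check_event(ev):
            per_host.setdefault(hit.host, []).append(hit)
    return per_host


# Constructed telemetry: one host showing the reported behaviour, one host with
# look-alike noise (same file name elsewhere, same IP on a different port).
SAMPLE_EVENTS = [
    {"type": "process", "Computer": "WS01",
     "Image": r"C:\Users\alice\AppData\Roaming\test.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Roaming\test.exe"'},
    {"type": "process", "Computer": "WS01",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd /c schtasks /create /f /sc onlogon /tn "test" /tr "C:\Users\alice\AppData\Roaming\test.exe"'},
    {"type": "network", "Computer": "WS01", "DestinationIp": "20.188.60.159", "DestinationPort": 1881},
    {"type": "mutex", "Computer": "WS01", "Name": "AsyncMutex_6SI8OkPnk"},
    {"type": "process", "Computer": "WS02",
     "Image": r"C:\Tools\test.exe", "CommandLine": r"C:\Tools\test.exe --selftest"},
    {"type": "network", "Computer": "WS02", "DestinationIp": "20.188.60.159", "DestinationPort": 443},
]

if __name__ == "__main__":
    for host, hits in sweep(SAMPLE_EVENTS).items():
        print(host)
        for h in hits:
            print("  %s%s" % (h.reason, " [%s]" % h.technique if h.technique else ""))
```

Run against real exports, replace SAMPLE_EVENTS with the parsed telemetry; the install-path match is deliberately anchored on the full %AppData% path so a legitimately named test.exe elsewhere on disk does not fire.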
