General

  • Target

    2c5995ae8a1d66637c164c65660968d15f94e4d3034472263a4384e91ee7e991

  • Size

    4.6MB

  • Sample

    230129-1xasfafh7s

  • MD5

    0bc800157f24add743a3949dc895a654

  • SHA1

    9511d912df936380ccb4fc883959f80a32bc5bf3

  • SHA256

    2c5995ae8a1d66637c164c65660968d15f94e4d3034472263a4384e91ee7e991

  • SHA512

    223b7e2e2cb38fcc6e1b2e0383989bdb65029806889ba1beb989d54641d1d0fc8e69ab134e742b0cb09dbc520a4aa9231b959fe11966b882219f2d6c89b6b6b7

  • SSDEEP

    98304:LxC3y4a18e2eODct/fLgLzI/ZYm9OZNmW3igVzOeMIl:r4a1SeODceQaBNmylLl

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    gingles.dynu.net:1607

  • Mutex

    6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
