General

  • Target

    SearchUpdates.7z

  • Size

    13.9MB

  • Sample

    230131-z9gk3scd5s

  • MD5

    8a0d0c37749f0255730a68cadcacd96a

  • SHA1

    fcdc5f5dabb5131a086290e52c4f3a34b509eeff

  • SHA256

    80c70e397910f9de0bd81817f9d5eab3768efe3b9e3f5b3f25930e825213c62b

  • SHA512

    193f10cbb10ed2ec5948c3675ab06265f4444a93435300ee2f9faa3986a5bac61457b9e8128fa4226e21585da8b8ebf7f3b8351a0e2ebe5e1a78123010660448

  • SSDEEP

    393216:ThojdDrzJ1mezhvBZYmJQa5ugSkavAvjR7b:uhrzJ1mezxRJQSSkavAvj9b

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    Default

  • C2

    127.0.0.1:8848
    127.0.0.1:53898
    127.0.0.1:16409
    147.185.221.181:8848
    147.185.221.181:53898
    147.185.221.181:16409

  • Mutex

    svschost

  • Attributes

    • delay

      1

    • install

      true

    • install_file

      svschost.exe

    • install_folder

      %Temp%

  • aes.plain

Targets

    • Target

      SearchUpdates.exe

    • Size

      14.0MB

    • MD5

      b50befa21d58cb69f792a969d8f63519

    • SHA1

      61dfd2e8121ed65475ca4d963f94d7689792289b

    • SHA256

      40ea15b26bbc3fbb554a1ad0345bdd616a607d8eb39d8cdf3131508cfc1a5f26

    • SHA512

      5b0a56f45230be28499738be0479077f41590f18206730a2fb82386635d5c1bfb1f52e0bed7aa1fdf539de11b194314084ca24e8ae88257742c347c05d5cf902

    • SSDEEP

      393216:lZSjr23j6K1YqU0vWmykGfqR7/Rp5YTjZcSu:ae3j6K1YqKRkGc/Rp5YTj2Su

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Discovery             System Information Discovery  1      T1082

Tasks