General

  • Target

    WeNcYTMHxi.bin

  • Size

    317KB

  • Sample

    230311-jekq9agh45

  • MD5

    801c183b963fe6aabdd9b10e540fe618

  • SHA1

    be65bedc7c145034861e1de8caeda0453c95d6dc

  • SHA256

    f0c1a54e1562622d481a6b1512713b14eedbe9ee41d3e04cd1141cd11cafaf8d

  • SHA512

    880ef4b6f1deacf7fda92c1cf5a67eb34dd78d822a79cace0f09721a96321c5b7d1ddf86eb7f2bfce7e66d89dcf83f9259f73606a700a61fc97eefbad4a3d63c

  • SSDEEP

    6144:5Pc/W50lVBpwrGJtxi5a/QETmT0ZkErwN+bAAv0peN+Gk4qQRKPEoNJiK5Ngml18:5Pc/W50lVBpwrGJtxi5a/QETmT0ZkErW

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

192.168.1.4:6606

192.168.1.4:7707

192.168.1.4:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      WeNcYTMHxi.bin

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext
