Resubmissions

11/03/2023, 19:58

230311-ypv3asch8w 10

11/03/2023, 19:54

230311-yml2lsbb27 10

General

  • Target

    test.exe

  • Size

    2.9MB

  • Sample

    230311-ypv3asch8w

  • MD5

    500151e7dc0acc7fda0cd4d3870ecacd

  • SHA1

    4a634975feb1c3adf814cfb0ff5dfcf75ad5dfdf

  • SHA256

    01035e3da31903105da034556332fdb5e12b1b73d3bdd743c53dda86b1a02f2f

  • SHA512

    6b082b7111bef5fec0193da473ff766b6ecc1b71fe985d2728354bb11ef948f4a6200849b1d9f98746c30783fe58e1d4f68c57f496d391ee43a963e926b42da5

  • SSDEEP

    49152:RDwZ5Z54M/4rYHU50V5tT3Eo2dhlYbAoxrYYHX7iWd7r9adMu:iZB4i4rF2Yo2dhExrhHLBd7rqMu

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

coolmaneurokoolcom-26401.portmap.host:26401

Mutex

DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    true

  • install_file

    ABDJCM.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      test.exe

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks