General

  • Target

    ExLoader_Installer.exe

  • Size

    22.7MB

  • Sample

    230312-sc1jcseb96

  • MD5

    1984597d30e887628b90572a6357bba2

  • SHA1

    29c97f38f52bab03f2eb88f4e064f84e427edc52

  • SHA256

    46c7e32e60e27069b55a0699950d4924735e761900c4ad91a9ad8ffe8f30a0da

  • SHA512

    ae7ab4a44b3546fd6b9a7b9d73e23b9d54bf6379cbba05376901899bdbd6af86dc60a00342261f7485cbb7fd9d6df244570b686c0cd6b9131819128d985be1c1

  • SSDEEP

    393216:s8p+QAEKfrOudWlitro+V1UsfUous4fXi0m:tjArLtrV1Us4s4fX7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    71

  • install

    true

  • install_file

    csrss.exe

  • install_folder

    %Temp%

  • pastebin_config

    https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

    • Target

      ExLoader_Installer.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
