General

  • Target

    ExLoader_Installer.exe

  • Size

    22.7MB

  • Sample

    230312-sepvmsgc61

  • MD5

    140af65d80b2207d27d06d615c26cf1b

  • SHA1

    b8f2870f031557d2148a1815fe58bf80d4638ab1

  • SHA256

    8c10614f9a30ed7886e22cde541cd3e71a6ac2fd32723d55159d27fbbe8b510a

  • SHA512

    9a624e61ad361733c6f259452911d18223770225b4335f19094771f9fed511c53d813651b349a64dda16ede7c27b480036da03733dd708511fa8afa342635657

  • SSDEEP

    393216:ZoB0I1xT3gkcWP26cFqkjGfki8d4Rr0mekeO8vduCx:g3gPWP2S7446TP9

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    71

  • install

    true

  • install_file

    csrss.exe

  • install_folder

    %Temp%

  • pastebin_config

    https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
