General

  • Target

    Client.exe

  • Size

    63KB

  • Sample

    230314-rx7mqsaa3v

  • MD5

    a9533ecf0afe30df69420cde51182da4

  • SHA1

    77398fe38a18597d3a3829f31624af408bb37b16

  • SHA256

    696bb916175fb1aef752175c808ffdb52e7aabaa18406790cc78cb0e35c5b00a

  • SHA512

    1c78af179339c8215c403741a764d8eaa9f36d686b28a8d95a9c1c84152b9202e2db9205bc017ab6891d962a7b3baa65d1d9940e65d964be04b763d23758e2f0

  • SSDEEP

    1536:DZJttUdjLAQB/eeiMl8GbbXw6TEyGVZVclN:DZJttUdjvBGeFmGbbXdszY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_file

    csrss.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/3Z9zi18j

aes.plain

Targets

    • Target

      Client.exe

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Legitimate hosting services abused for malware hosting/C2
