General

  • Target

    air.exe

  • Size

    546.0MB

  • Sample

    230314-wk6xwsgh68

  • MD5

    96e76869ca559f863971a6fd34a59880

  • SHA1

    25e6a0aec1979ed0211f7a43169f84909768dc59

  • SHA256

    a50226277ea1a7650f631a480215838dd804d8cfb053a1d19953adb016239472

  • SHA512

    b790ec7f0d355300a6720c6335ba2935321ada6ba28a224a74880e3761de0a39931ea07f0ede69c957d89d1a15ea3f188e4a89d80dd5c283b9d2f74b30bd7bdd

  • SSDEEP

    24576:8pLyY1pSPiQuPDGBJOcsYgtb9Nn9KvGocPtdf:8puY1pSKQuPDGBJMYgtBN96nc

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

209.145.56.157:6606

209.145.56.157:7707

209.145.56.157:8808

Mutex

MUSIC

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      air.exe

    • Size

      546.0MB

    • MD5

      96e76869ca559f863971a6fd34a59880

    • SHA1

      25e6a0aec1979ed0211f7a43169f84909768dc59

    • SHA256

      a50226277ea1a7650f631a480215838dd804d8cfb053a1d19953adb016239472

    • SHA512

      b790ec7f0d355300a6720c6335ba2935321ada6ba28a224a74880e3761de0a39931ea07f0ede69c957d89d1a15ea3f188e4a89d80dd5c283b9d2f74b30bd7bdd

    • SSDEEP

      24576:8pLyY1pSPiQuPDGBJOcsYgtb9Nn9KvGocPtdf:8puY1pSKQuPDGBJMYgtBN96nc

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks