General

  • Target: document.js

  • Size: 12KB

  • Sample: 230327-t1g8csgd21

  • MD5: 4c68ce2c82c149bf635a6889f8ab79ee

  • SHA1: 1459605f639de1549ac2a017f40901bad14e075f

  • SHA256: a1b2dc89cf53829809078cfa4961df67321fdb9323fe9f10b310120d6b9aab5a

  • SHA512: c21aa6e314388cc166ac58f159fe222559f7657d2709be2d1e217c50bd14d6fd7f6eeb0bccde0d82da0f74abb9d40f49eb54dd4a404f2f8c49ea88fc0095e0e4

  • SSDEEP: 192:sLpZZb71ltuYf+EKTnC0hIJcvTMC4rAVl//iNlIucYiiwFH2+Nbdq0w:O7Y1TnCWKcvTAud/CO3iwFH2+Na

Score
10/10

Malware Config

Extracted

Family: asyncrat

Version: | Edit 3LOSH RAT

Botnet: Default

C2: xxxprofxxx.dnsdojo.com:5126

Mutex: AsyncMutex_6SI8OkPnk

Attributes
  • delay: 3

  • install: false

  • install_folder: %AppData%

aes.plain

Targets

    • Target: document.js

    • Size: 12KB

    • MD5: 4c68ce2c82c149bf635a6889f8ab79ee

    • SHA1: 1459605f639de1549ac2a017f40901bad14e075f

    • SHA256: a1b2dc89cf53829809078cfa4961df67321fdb9323fe9f10b310120d6b9aab5a

    • SHA512: c21aa6e314388cc166ac58f159fe222559f7657d2709be2d1e217c50bd14d6fd7f6eeb0bccde0d82da0f74abb9d40f49eb54dd4a404f2f8c49ea88fc0095e0e4

    • SSDEEP: 192:sLpZZb71ltuYf+EKTnC0hIJcvTMC4rAVl//iNlIucYiiwFH2+Nbdq0w:O7Y1TnCWKcvTAud/CO3iwFH2+Na

    Score: 10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks