General

  • Target

    d306c25a14d2fd00e2c70ceab28fb71e.bin

  • Size

    669KB

  • Sample

    230331-chhmqshf5y

  • MD5

    c135e24b9c598dadbf4eafd71a15684b

  • SHA1

    41a18df34518293af0ad5c0521e991d45ac57d18

  • SHA256

    95ca03565f6736ac26cf0c16499fab8f1f49109fc230bdd7b74522b2790e7c1a

  • SHA512

    c1c28f33ca0899d161d77cb8032b4bf11be06dfc5318b8796b942da93d9a2a4c9d47d92b61f85e28da5dc3fd8ef7cb1d770b5cfb40c1b05d2bcabad22dffb2d8

  • SSDEEP

    12288:oWMUhqlYY5DRdQEcM5jYL1FmRnT12pOcxldy9pZ2Kx37kl5:ofKUFt5UL1FOTrcxry/fx3IT

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

45.12.253.77:8889

Mutex

DcRatMutex_qwqdanchun

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      d8764958b166d33c1fc0442e8845d62862cb07155056650fb304f873f685b762.exe

    • Size

      892KB

    • MD5

      d306c25a14d2fd00e2c70ceab28fb71e

    • SHA1

      de4e738936e94033b6d9e4a871ffa9e78b4c5bf0

    • SHA256

      d8764958b166d33c1fc0442e8845d62862cb07155056650fb304f873f685b762

    • SHA512

      e7b2e8d253dcb222317d9025aa663e6cf6585456d41a658555e8a8609bf250160eafe58a328ccae52ce94a830d561e2c44b2446108d1fe9001cb002c64a5099c

    • SSDEEP

      24576:uU12zVZ97UTnxVnjzUjQG0+sUSj1FpT7HbUZ:uUAR37UrxVn005+sUSFbbU

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks