General

  • Target

    KaSr_uni.exe

  • Size

    63KB

  • Sample

    230425-d424yaaa4y

  • MD5

    40b8f3c578549c6844fec4ba13c71dfc

  • SHA1

    ddf2e0a2c47bc4b2bc2405eb643ea3da117fc205

  • SHA256

    9bc6f7078b4a80e7363336194ffccb04d646da487bb093775b3caefd224f7d87

  • SHA512

    d15904201e1d4bc723c82eb40b7c90c3efdec073ed6f0a7dbae3590e55f098a15b8cabb6e902edc8398e8434d2c446ab8ddc11076c7fb0212ba23cbcd0f0d3a6

  • SSDEEP

    1536:QhJ2nXvFHsHLhSNbfzYmdOpIYIbbTwEJn+G/tpqKmY7:OJ2nXvFHsHL+bbYutYIbbTBx12z

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.1.0

Botnet

Default

C2

31.192.236.139:3434

Mutex

KalaChowaMutex_alladin

Attributes
  • delay

    1

  • install

    true

  • install_file

    WinService.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is written in C# and is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
