General

  • Target

    ef4167fa576c497ae8d67f21426cc907.bin

  • Size

    60KB

  • Sample

    230426-b9vkyaed22

  • MD5

    3e540e85278b82ffac026d5cb26f2664

  • SHA1

    df56d178b0dbd50da9cf9894a2a99f5901c52591

  • SHA256

    43b8031b5e4f9c2184fe64594ec1e53794d51fe49e9edd13b785512160fff3de

  • SHA512

    7c5b1cee14aeb394266f067f00a40a0ae18f273726fb52edd98653421ce41dbc22cfca5cd4a678099090f3f4694ecdf655fe93eaaa0a07c4e948edb9b522e153

  • SSDEEP

    1536:EhiFeNxCtqxy29KnoUnpG94/a7KcQSBNIHEl6ncQdvXJUmeA:EYeNxCmQ3pGMOIHjcQdCA

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

bahrdevo.endoftheinternet.org:6606

bahrdevo.endoftheinternet.org:7707

bahrdevo.endoftheinternet.org:8808

Mutex

AsyncMutex_gekPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      921b4f6811d98c61b29a90639c2cf9dde8194bbf0c4ffac7eab55a2fc598bdcd.unknown

    • Size

      226KB

    • MD5

      ef4167fa576c497ae8d67f21426cc907

    • SHA1

      8c2fcf767b315632616717cbce801bccb3958f7b

    • SHA256

      921b4f6811d98c61b29a90639c2cf9dde8194bbf0c4ffac7eab55a2fc598bdcd

    • SHA512

      20c51b4ca12c5548b7d7d4b33afe7ceaa299de45b2579bf5cd36decfb1375538a014afc10ebe8a7580ea8885ebdc8c3619a4ade260ff9d840d8a8665adbd6c97

    • SSDEEP

      6144:gk0t0ZnKWQIixAxI0M6yPQ7FuiIpUCLR7mzCl6Vhp315D3Ap+:gk0t0ZOxAxI0MfPQ7FuiIpUCLR7mzClw

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6