General

  • Target

    077977e4f303e6bd85e495d1161aa037.bin

  • Size

    60KB

  • Sample

    230426-bcwfzaga4x

  • MD5

    d000670f6098de8363e42829c8691118

  • SHA1

    af23ed33474a50052fd575f1ef753d59e27c2ad2

  • SHA256

    212ec11d69c0c0c9e97f5cc50ebce68475140b9fd85c322998a8c198ab9d4ebf

  • SHA512

    8bbba1a3c37cc6d50f7bb1d29ad737f6b4df87de82e35255a0dbcd2f37bd8525d1c5aeaf95b49bf4620562c727d4bedf71d4e854ff9b3201506922ce7d6ed461

  • SSDEEP

    768:09f4AiWtCalVPoMz/0FEn68bYyK08U499xPSqFsCXSYhdckgJZ98Ca4ZmvRE8hD7:0loQ+g+iVK0AjPhBXybZ913mJEc/7j

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

195.178.120.137:4001

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      10882cb1fc5cfdf37b2bb6ea6ea9189f39ae8f0889eac96866cb72e3ea4e4b3c.unknown

    • Size

      226KB

    • MD5

      077977e4f303e6bd85e495d1161aa037

    • SHA1

      5dcebf0ed722733446426b0146e64259dce54097

    • SHA256

      10882cb1fc5cfdf37b2bb6ea6ea9189f39ae8f0889eac96866cb72e3ea4e4b3c

    • SHA512

      5fbdcfd9fe65fe27def2f3565162fc530bb15ad44d8a3454babf40f5a3540d1bdd62aed0c21b28c5acd43907266b36278b76532273a8180e336622cf2899a4f3

    • SSDEEP

      3072:Vk0t0iInKWQIy/pfnO5jEeu4BR315a3Aph:Vk0t0ZnKWQI8pvO5Aeu4H315a3Aph

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks