Resubmissions

26/04/2023, 05:52

230426-gk1zbafd39 10

General

  • Target

    1.png

  • Size

    221KB

  • Sample

    230426-gk1zbafd39

  • MD5

    7efd33c9b3da8fb2d777f0e81db1ece0

  • SHA1

    d2399659b3429c2c01424d7d50b8483f7c09f345

  • SHA256

    704c75deb0b504ec8c6bc8242c3bc5ca896efdfc892089d4326f8f0fdc11cc6b

  • SHA512

    b5ce0e0a713c2da126fe8d5997c9efcfa3137ee60b8892bc33582b15167fcf6a53ad63f5aee1a71c54f92b8917e047b37c517451a2a749c026cef9ed2776315a

  • SSDEEP

    3072:5rWnYk7cqs/gY/7dsgA54HHX0315N3Apl:9yNgA5kE315N3Apl

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

mikedonohue.kozow.com:30305

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks