General

  • Target

    AsyncRat.exe

  • Size

    2.6MB

  • Sample

    230426-vzbvmacf5y

  • MD5

    c210607e74baffc542110c60378fb034

  • SHA1

    73aa5dfa9a796fc8adc83ddb82375e17ccab28c0

  • SHA256

    95bab70aa35fa3b403de445c883dcaa84998690ffb54d3a8f9d25a19e5e36f42

  • SHA512

    6d5c9019728af047a0e904c7d12a7db8af34b00ac289a279af937be47aa38fab077571315b15ae13bc68f8e17bfcd6ae5d779bb988e5887fe8cbbde0e9c50376

  • SSDEEP

    24576:HUIog50eJ8FmTPCeZ6FW0dHnulKtu1Dze6HDpLtllJz8+iTODtMm8VyRbNvvLDAi:H3b8FmTGmd2OxSHxoZdMK7ajwVwg

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

15.235.130.74:6606

15.235.130.74:7707

15.235.130.74:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      AsyncRat.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
