General

  • Target

    Memory.vbs

  • Size

    2.9MB

  • Sample

    230430-m1swjahd99

  • MD5

    dc41ef27fd74ade70d62e7bfcbbe2de2

  • SHA1

    e8282edf1205c6cfccef3cdf41ea4303a45c5745

  • SHA256

    ad9a2790803eb17a4e3977c514c4ca98e520cb38f00f8103ee5f2cc1ed209b47

  • SHA512

    ae779c4b20616e92080ba02167b1105d73a001bbf612efadbe7b84be355918f6aa1d582e7ae45478d84d8349651db99efd36b4545a85334e5945382c90875d36

  • SSDEEP

    1536:khTJiTSxGdQkVHgnlUTCAmTzZQXEXtXX8XZXDKcZtDRRj7aqDfR/wyihW9Qk2vSj:C6uECAm0wyihW9Qk2vSk8BtaN8wRnX5W

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

95.214.24.134:1911

95.214.24.134:1912

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Memory.vbs

    • Size

      2.9MB

    • MD5

      dc41ef27fd74ade70d62e7bfcbbe2de2

    • SHA1

      e8282edf1205c6cfccef3cdf41ea4303a45c5745

    • SHA256

      ad9a2790803eb17a4e3977c514c4ca98e520cb38f00f8103ee5f2cc1ed209b47

    • SHA512

      ae779c4b20616e92080ba02167b1105d73a001bbf612efadbe7b84be355918f6aa1d582e7ae45478d84d8349651db99efd36b4545a85334e5945382c90875d36

    • SSDEEP

      1536:khTJiTSxGdQkVHgnlUTCAmTzZQXEXtXX8XZXDKcZtDRRj7aqDfR/wyihW9Qk2vSj:C6uECAm0wyihW9Qk2vSk8BtaN8wRnX5W

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks