General

  • Target

    B.PNG

  • Size

    226KB

  • Sample

    230501-f9prxaee77

  • MD5

    fb299e0e8ae35692f1541b2912812184

  • SHA1

    4ef1f2589e960b9645a8010920da2b1caacdd350

  • SHA256

    e2e4ce0315ef9f241c5d3ab09ccc9de3f8bd71f5388d8a4dd7fadd0a1110f266

  • SHA512

    ba36c4ad9721ad46f2cd56a819643ed4d01804d76952638c1f7842d745c10ca0e70be874ad5e6de504627c4210545247b9da9312574fb0fc658fe13032450863

  • SSDEEP

    1536:FeMD10HxuHY05UIy4rpmLoKZqcxU7SHzqQHw7rRim3ve0pAGFBQDVWQIypsc8bIX:gk0t0iInKWQIyjdZaRMXYxr315+3ApA

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

Modyhr.ddnsfree.com:6606

Modyhr.ddnsfree.com:7707

Modyhr.ddnsfree.com:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      B.PNG

    • Size

      226KB

    • MD5

      fb299e0e8ae35692f1541b2912812184

    • SHA1

      4ef1f2589e960b9645a8010920da2b1caacdd350

    • SHA256

      e2e4ce0315ef9f241c5d3ab09ccc9de3f8bd71f5388d8a4dd7fadd0a1110f266

    • SHA512

      ba36c4ad9721ad46f2cd56a819643ed4d01804d76952638c1f7842d745c10ca0e70be874ad5e6de504627c4210545247b9da9312574fb0fc658fe13032450863

    • SSDEEP

      1536:FeMD10HxuHY05UIy4rpmLoKZqcxU7SHzqQHw7rRim3ve0pAGFBQDVWQIypsc8bIX:gk0t0iInKWQIyjdZaRMXYxr315+3ApA

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks