General

  • Target

    stub.exe

  • Size

    66KB

  • Sample

    230501-fs4vhagd7w

  • MD5

    915c194ce83fa5e97aea45f447bc753e

  • SHA1

    6b99f0058ff24475149d79fc271ca3561269be76

  • SHA256

    acd3fc66fd0197318253d2d5f4cb724b6cb54963f554b60839d03a252f560901

  • SHA512

    a6f0ec6103ad3ea4d02e919494b9c94e2a4192f9d706fdcdff42d7bb3da65c7f8af3cf6b3e841fc5ea401c2c54b2677f6ec82f7c7a31e581232c65747058e0e2

  • SSDEEP

    1536:J2wukvF1ak9gcKu5UYFX1UMxvUb0JUM0I1g/ln6PrQTGpx:J2dkvF1ak9Ku5UYFFRMb0l0ILGqx

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

ghoss.freeddns.org:6606

ghoss.freeddns.org:7707

ghoss.freeddns.org:8808

Mutex

AsyncMutex_6SI68OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      stub.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
