General

  • Target

    33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe

  • Size

    1.0MB

  • Sample

    230504-rcnzwsch25

  • MD5

    40007c48c4a68c28353bc2263e46a8aa

  • SHA1

    edc72a9967bda687d56ddfe0fddbca15d0c40035

  • SHA256

    33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11

  • SHA512

    2c6b5b33cf6338f8db9d81e51cdcd7782753dc25e26806a5ba8fa6c8982abc3c898c28751060f5c697a511c59ab6a4b9e24a234fa1f000ae14086815152fef77

  • SSDEEP

    24576:NTbBv5rUanOuF+8bQybXmmNxrndGryTBZPa:HBjbs8bQSXVdGoBZy

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.120.210.219:48408

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks