General

  • Target

    40007c48c4a68c28353bc2263e46a8aa.bin

  • Size

    916KB

  • Sample

    230506-b8z42afe32

  • MD5

    65ce69498979de18d1be4bce9d07dcfd

  • SHA1

    675352d11288363611fb046381533fb11f0e9605

  • SHA256

    b88c8d5ab92cb9feec842a48b18f3ec0331a8b10f1829e402ccd04d780dc120e

  • SHA512

    f44a4c27874e5df91c4d8d9d4b73746892cc962a8841f17b6169dd1f897eb52e97c088dba9d1a7341f77efda5b5062abaff83baf8f1d404a11d99398455839f9

  • SSDEEP

    24576:MEBQID/D2gfWhvsOL5UyYDCt4iRksg+lPmu4XDspVo53vYH4L:vzKZTuywy7gkPB4wp4vlL

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    37.120.210.219:48408

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

      • delay

        3

      • install

        false

      • install_folder

        %AppData%

aes.plain

Targets

    • Target

      33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe

    • Size

      1.0MB

    • MD5

      40007c48c4a68c28353bc2263e46a8aa

    • SHA1

      edc72a9967bda687d56ddfe0fddbca15d0c40035

    • SHA256

      33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11

    • SHA512

      2c6b5b33cf6338f8db9d81e51cdcd7782753dc25e26806a5ba8fa6c8982abc3c898c28751060f5c697a511c59ab6a4b9e24a234fa1f000ae14086815152fef77

    • SSDEEP

      24576:NTbBv5rUanOuF+8bQybXmmNxrndGryTBZPa:HBjbs8bQSXVdGoBZy

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks