General

  • Target

    PO00045789632.exe

  • Size

    700KB

  • Sample

    230507-eym89sfa65

  • MD5

    7bf0cf26aa0bb42776ffa79feb7ff3d0

  • SHA1

    6ba11eb1f686e3fccd225d7bb162bd20f67037a5

  • SHA256

    80296fd8a32f5a02fd9d8ac1fb010df2736d89293b3a2a124f3062ef2ed9836a

  • SHA512

    8d0199e2c468aa291a8ed94d6cba3f6b5952e27c9ffed3d8aa876fc2fdaf9c3fa2834fffcd60a3860358fa24c94e49767cea1ccc91f48ff12bc2a3fc4f93c20b

  • SSDEEP

    12288:eXJcu0qu2P4smwHO2Q3NOW1CetS0V7At+SRyG0o+VBYUk2gk0rYk4BTN:vuA4FuhgpM7EyGyUUk2gNStN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

192.3.101.190:2015

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PO00045789632.exe

    • Size

      700KB

    • MD5

      7bf0cf26aa0bb42776ffa79feb7ff3d0

    • SHA1

      6ba11eb1f686e3fccd225d7bb162bd20f67037a5

    • SHA256

      80296fd8a32f5a02fd9d8ac1fb010df2736d89293b3a2a124f3062ef2ed9836a

    • SHA512

      8d0199e2c468aa291a8ed94d6cba3f6b5952e27c9ffed3d8aa876fc2fdaf9c3fa2834fffcd60a3860358fa24c94e49767cea1ccc91f48ff12bc2a3fc4f93c20b

    • SSDEEP

      12288:eXJcu0qu2P4smwHO2Q3NOW1CetS0V7At+SRyG0o+VBYUk2gk0rYk4BTN:vuA4FuhgpM7EyGyUUk2gNStN

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks