General

  • Target

    b38b8c6db56572b3d35f67e8a4788ecbd97b0cbbfce0b229d79523060449dd4a

  • Size

    67KB

  • Sample

    231116-jm4jbshf4v

  • MD5

    58b3751adb11328f201465befff49bc9

  • SHA1

    bb4499ceecc4d919af5444d8bc577777ab9332f6

  • SHA256

    b38b8c6db56572b3d35f67e8a4788ecbd97b0cbbfce0b229d79523060449dd4a

  • SHA512

    d398ada1f73138e3267ce586302e3ff52f06d88f81921d696e4b11e2c614a6322059a6409974acbfe90e8d17e70179e8361eacf339b755eecb405b79d3fcdbdd

  • SSDEEP

    768:zVS7C1tFriaMWl2k7dkXJ1W504bVxeFXHrJXf/0LFfnC9SCvHmBbs1pp+V1oUNSO:ge1friZ21uvX9fanCoU6bK+NSlCb

Score
10/10

Malware Config

Extracted

Family

asyncrat

C2

127.0.0.1:8848

Mutex

火绒远程管理
(literally "Huorong Remote Management"; Huorong is a Chinese antivirus vendor, so the mutex name mimics a legitimate product)

Attributes
  • delay

    1

  • install

    true

  • install_file

    123.exe

  • install_folder

    %AppData%

aes.plain
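The extracted config above is enough to derive host indicators (the expected dropped file and the mutex), but its only C2 entry is the loopback address 127.0.0.1:8848, which resolves to the infected host itself and so gives nothing to block or hunt on the network. The following Python is an added example written for this page, not Triage's code and not AsyncRAT's; it turns the report's fields into indicators and runs them over a few constructed telemetry lines. The dict layout, the victim profile path, the "<event> <value>" line format and the event list are all assumptions for the example.

```python
import ipaddress
import re

# Constructed from the "Malware Config" section of this report; the values are the
# report's own, the dict shape is an assumption for this example.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "c2": ["127.0.0.1:8848"],
    "mutex": "火绒远程管理",
    "delay": "1",
    "install": "true",
    "install_file": "123.exe",
    "install_folder": "%AppData%",
}

# Constructed environment of a hypothetical victim, supplied explicitly so the
# example runs offline and on non-Windows hosts instead of reading os.environ.
SAMPLE_ENV = {"AppData": r"C:\Users\victim\AppData\Roaming"}

# Constructed telemetry in a minimal "<event> <value>" shape (not real Sysmon output).
SAMPLE_EVENTS = [
    r"FileCreate C:\Users\victim\AppData\Roaming\123.exe",
    r"ProcessCreate C:\Users\victim\AppData\Roaming\123.exe",
    r"ProcessCreate C:\Windows\System32\notepad.exe",
    r"MutexCreate \Sessions\1\BaseNamedObjects\火绒远程管理",
    r"NetConnect 127.0.0.1:8848",
    r"NetConnect 203.0.113.10:443",
]


def parse_endpoint(entry):
    """Split 'host:port' into (host, int port); assumes no IPv6 brackets."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def is_unroutable(host):
    """True for loopback, link-local and unspecified addresses. A config whose only
    C2 is one of these (as here, 127.0.0.1) yields no network indicator. RFC1918
    ranges are deliberately kept: they can be a real C2 inside an internal network."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def network_iocs(config):
    """Partition the C2 list into (actionable, discarded) lists of (host, port)."""
    actionable, discarded = [], []
    for entry in config.get("c2", []):
        endpoint = parse_endpoint(entry)
        (discarded if is_unroutable(endpoint[0]) else actionable).append(endpoint)
    return actionable, discarded


def expand_install_path(config, env):
    """Resolve %VAR% tokens in install_folder case-insensitively (as cmd.exe does)
    and append install_file to get the expected dropped path."""
    lowered = {k.lower(): v for k, v in env.items()}

    def lookup(match):
        return lowered.get(match.group(1).lower(), match.group(0))

    folder = re.sub(r"%([^%]+)%", lookup, config["install_folder"])
    return folder.rstrip("\\") + "\\" + config["install_file"]


def host_iocs(config, env):
    """Host-level indicators: the dropped path (only when install=true) and the mutex."""
    install = config.get("install", "false").lower() == "true"
    return {
        "file": expand_install_path(config, env).lower() if install else None,
        "mutex": config.get("mutex"),
    }


def match_events(config, env, events):
    """Return the (event_type, value) pairs in `events` that hit an indicator from `config`."""
    actionable, _ = network_iocs(config)
    host = host_iocs(config, env)
    hits = []
    for line in events:
        kind, _, value = line.partition(" ")
        if kind in ("FileCreate", "ProcessCreate"):
            if host["file"] and value.lower() == host["file"]:
                hits.append((kind, value))
        elif kind == "MutexCreate":
            # Compare the leaf name only; the \Sessions\<n>\BaseNamedObjects\ prefix varies.
            if host["mutex"] and value.rsplit("\\", 1)[-1] == host["mutex"]:
                hits.append((kind, value))
        elif kind == "NetConnect":
            if parse_endpoint(value) in actionable:
                hits.append((kind, value))
    return hits


if __name__ == "__main__":
    for hit in match_events(EXTRACTED_CONFIG, SAMPLE_ENV, SAMPLE_EVENTS):
        print("%-14s %s" % hit)
    print("discarded C2 entries:", network_iocs(EXTRACTED_CONFIG)[1])
```

Run against the constructed events, the file-create, process-create and mutex lines match while the 127.0.0.1:8848 connection does not, which is the point: the loopback C2 is filtered out before it can reach a blocklist, and the host artefacts (%AppData%\123.exe and the mutex) carry the detection.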

Targets

    • Target

      b38b8c6db56572b3d35f67e8a4788ecbd97b0cbbfce0b229d79523060449dd4a

    • Size

      67KB

    • MD5

      58b3751adb11328f201465befff49bc9

    • SHA1

      bb4499ceecc4d919af5444d8bc577777ab9332f6

    • SHA256

      b38b8c6db56572b3d35f67e8a4788ecbd97b0cbbfce0b229d79523060449dd4a

    • SHA512

      d398ada1f73138e3267ce586302e3ff52f06d88f81921d696e4b11e2c614a6322059a6409974acbfe90e8d17e70179e8361eacf339b755eecb405b79d3fcdbdd

    • SSDEEP

      768:zVS7C1tFriaMWl2k7dkXJ1W504bVxeFXHrJXf/0LFfnC9SCvHmBbs1pp+V1oUNSO:ge1friZ21uvX9fanCoU6bK+NSlCb

    Score
    10/10
    • AsyncRat

AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks