General

  • Target

    4e6f8cd5306fee53739097913dd8355fa285fe4bfd2f07817e795580537a689c

  • Size

    303KB

  • Sample

    231116-n8vkrsda6y

  • MD5

    f1a9eef4c73b9698714f21aecd3e4313

  • SHA1

    ddc75aac88f0e1180a57ae00b677e039cac0bc67

  • SHA256

    4e6f8cd5306fee53739097913dd8355fa285fe4bfd2f07817e795580537a689c

  • SHA512

    34f43a69fd03ddba1eb69457811df5376fd5da20deef4d529e924b1b60d6caf9fd11334b8d1f45deb07567b8ae8ea997e617c9542cd41e7aa928d1192d802b1d

  • SSDEEP

    6144:xFBzpyGTH4RHf+29zlfNA52vHhTfp85gmPu+6R5z:xFVhTc229pV+ihTfp852+2p

Score
10/10

Malware Config

Extracted

Family

asyncrat

C2

111.229.116.176:8848

Mutex

火绒远程管理

Attributes
  • delay

    1

  • install

    true

  • install_file

    gpuupdate.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      4e6f8cd5306fee53739097913dd8355fa285fe4bfd2f07817e795580537a689c

    • Size

      303KB

    • MD5

      f1a9eef4c73b9698714f21aecd3e4313

    • SHA1

      ddc75aac88f0e1180a57ae00b677e039cac0bc67

    • SHA256

      4e6f8cd5306fee53739097913dd8355fa285fe4bfd2f07817e795580537a689c

    • SHA512

      34f43a69fd03ddba1eb69457811df5376fd5da20deef4d529e924b1b60d6caf9fd11334b8d1f45deb07567b8ae8ea997e617c9542cd41e7aa928d1192d802b1d

    • SSDEEP

      6144:xFBzpyGTH4RHf+29zlfNA52vHhTfp85gmPu+6R5z:xFVhTc229pV+ihTfp852+2p

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks