General

  • Target

    dccd94fcb5cd38b6077af35e7e85aaa867f263a9d00910197388e11e71c6b5e3

  • Size

    6KB

  • Sample

    231124-hp7s4ahd6x

  • MD5

    142a3cc69d15044024d4ccd3282e20f6

  • SHA1

    a2ebe1b4cddc1012ba96c8e4dc0905d95501f69b

  • SHA256

    dccd94fcb5cd38b6077af35e7e85aaa867f263a9d00910197388e11e71c6b5e3

  • SHA512

    9da05e395f0636b90d1c9132d485ca75bbb1a2bccfe46b1ae0c1bab6e5101928a2b548786e66aebde27e5b005ccdf0c48592b87659f7688a1976a70c1982ca6f

  • SSDEEP

    96:QxWt79OKCFyRry6nGNjtMIYVfAYBsVvk+1vGxPd3ojprl:QxWl9ORFmy6GNJMINY2vkBPd8

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Winlogo

C2

46.1.103.69:2341

Mutex

Winlogo

Attributes

  • delay

    3

  • install

    false

  • install_file

    Winlogo

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks