General

  • Target

    be36b65ee8717f81b7d084d1a9b5073af0e8151a3c2b17dc86886ace2abfd07d

  • Size

    14.7MB

  • Sample

    231124-hqcdksgd24

  • MD5

    1054513d78d30bb3895caf7263822bd8

  • SHA1

    952751c225b1ec5b39640a5611fac374f42a6d34

  • SHA256

    be36b65ee8717f81b7d084d1a9b5073af0e8151a3c2b17dc86886ace2abfd07d

  • SHA512

    811a6cd085fad018e7ec60e116b75b75fcfe632687609b10da2b55220b1e111119e69be89a07417064a2d244886b072fce72ad1e93ffadc6cfcce94e8ed64de2

  • SSDEEP

    196608:GHd6DOuDUI/6yocMIH6NhsfqxOLoeUwKj4+3X3bA4IQu14GzK5b:id6lH/sIaEfqAoeUwI4W3lu14GzKp

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Winlogo

C2

46.1.103.69:2341

Mutex

Winlogo

Attributes

  • delay

    3

  • install

    false

  • install_file

    Winlogo

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      be36b65ee8717f81b7d084d1a9b5073af0e8151a3c2b17dc86886ace2abfd07d

    • Size

      14.7MB

    • MD5

      1054513d78d30bb3895caf7263822bd8

    • SHA1

      952751c225b1ec5b39640a5611fac374f42a6d34

    • SHA256

      be36b65ee8717f81b7d084d1a9b5073af0e8151a3c2b17dc86886ace2abfd07d

    • SHA512

      811a6cd085fad018e7ec60e116b75b75fcfe632687609b10da2b55220b1e111119e69be89a07417064a2d244886b072fce72ad1e93ffadc6cfcce94e8ed64de2

    • SSDEEP

      196608:GHd6DOuDUI/6yocMIH6NhsfqxOLoeUwKj4+3X3bA4IQu14GzK5b:id6lH/sIaEfqAoeUwI4W3lu14GzKp

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks