General

  • Target

    fd4b5f2b52d9a4db5a1caa4b036d180eea257637f57d5abbda88e7dadfca8920

  • Size

    2.6MB

  • Sample

    231124-hw73fagd85

  • MD5

    18450bd9ae592e0d6f358fcc3dbc44ca

  • SHA1

    b87ae1e1b94363e852ccb56ad6e9be98bdf1b127

  • SHA256

    fd4b5f2b52d9a4db5a1caa4b036d180eea257637f57d5abbda88e7dadfca8920

  • SHA512

    490ea30d12270b1db0bd6872dcc38f92b1773bb80c9e0f539b27f4c4cd99b82798bfb67ae9000c89489f3ac87e4a60054d84f17521a076bd3004a616e6233fbb

  • SSDEEP

    49152:/WsTEkwghTKv4jysGUqgCoOtt1JKMNFRjJYKWpH:/FEkwghTKv4jysGUqgCxtthNFRje

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    MicrosoftEdge

  • C2

    46.1.103.69:9371

  • Mutex

    MicrosoftEdge

Attributes

  • delay

    3

  • install

    false

  • install_file

    MicrosoftEdge

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks