General

  • Target

    0e4914efb724d77aef2ea3af050b77c069fc248803274e4604df68263994cf9d

  • Size

    1MB

  • Sample

    231207-ykq8jsfb82

  • MD5

    0af5640c10a01123e3045cf90427cbf9

  • SHA1

    0085341bf889e67d391cfb60e14bf90d4e34deb0

  • SHA256

    0e4914efb724d77aef2ea3af050b77c069fc248803274e4604df68263994cf9d

  • SHA512

    f0ad3bad2cf8ad633c9f88af1467b1de42a0b6f4f536a9c6499d0ca1625197a2e6c944c6ca25b7c70f5c000a319bab4bacf62f0625008ba9f643e622146d1921

  • SSDEEP

    24576:mlVP4iQzePuruuXj/co135PXs0YVfX6zWEGFEzPQ+fmU2ZOScgCe:UWBj/caVXCVvJQnSPCe

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

1.err.line.pm:4449

Mutex

glzznzesxsoyn

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      0e4914efb724d77aef2ea3af050b77c069fc248803274e4604df68263994cf9d

    • Size

      1MB

    • MD5

      0af5640c10a01123e3045cf90427cbf9

    • SHA1

      0085341bf889e67d391cfb60e14bf90d4e34deb0

    • SHA256

      0e4914efb724d77aef2ea3af050b77c069fc248803274e4604df68263994cf9d

    • SHA512

      f0ad3bad2cf8ad633c9f88af1467b1de42a0b6f4f536a9c6499d0ca1625197a2e6c944c6ca25b7c70f5c000a319bab4bacf62f0625008ba9f643e622146d1921

    • SSDEEP

      24576:mlVP4iQzePuruuXj/co135PXs0YVfX6zWEGFEzPQ+fmU2ZOScgCe:UWBj/caVXCVvJQnSPCe

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks