General

  • Target

    63b9655e7ae47fa38af210f22a5890af

  • Size

    922KB

  • Sample

    240117-1y2bsagba3

  • MD5

    63b9655e7ae47fa38af210f22a5890af

  • SHA1

    19f5285b9ccafec85daa6b9eea6ecb273347740c

  • SHA256

    60c4efdd576765b4185a0d229ad580e53cdd7a4f160eb521128c1c50694ebec6

  • SHA512

    27923a2f5726b6871578a5511fa4746c10f5357442eed1103ed166bd7a6d12496642455dc11fadbc743520e8d8e1b390e7d496006cc6cbf6b09c9b10360260ff

  • SSDEEP

    12288:4vtIveNylZn+InT+AN/d3Xho5oBoRoDoyo34VHGZfbRMpoSKHCqMaMI2puE1:YIm0l93/d3y5K64J5VHYsoEqrMIa

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

79.134.225.22:7734

Mutex

vjmozdcdfndy

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
