General

  • Target

    6606a22b54dd17c439ae53e80399158a

  • Size

    598KB

  • Sample

    240118-zths7shbfl

  • MD5

    6606a22b54dd17c439ae53e80399158a

  • SHA1

    904dc8413e2125b4a75e8dbaf7f6c0cdf3d90447

  • SHA256

    506ca0c37b167c6153b1a05afaad4daa415f67c1082cd8eaf152d9d79faf18b0

  • SHA512

    f435dc0f9c7cb9d5e3bdc466c2ca3d1be93de1801e495b0eb100d31c0afb5b6fde83210dca38d0e61bbaf4aee61abe860a073bf83cb5b8464b06c175ccd6295d

  • SSDEEP

    12288:9YbcEZNhp0tVUwIki3bUhYT0zVckGnyWPag4gE8C539Wrulfq+Qe38YT:9OZEIki3bUS0+Lnn

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

79.134.225.44:7450

Mutex

zesdluuiwc

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      6606a22b54dd17c439ae53e80399158a

    • Size

      598KB

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
