General

  • Target

    66d68d28dc38342d3671e29ebb9a7a1f

  • Size

    257KB

  • Sample

    240119-gdccdaged5

  • MD5

    66d68d28dc38342d3671e29ebb9a7a1f

  • SHA1

    e53a741a278efae6a99b429b46389dee1fbdbb1a

  • SHA256

    ac4865ab123b5ab1b9296a2522bd5a65c21e78a292af176e8e1d13f2198ba2a6

  • SHA512

    8cac4368de3fc9e35b5ea15dc5f1d3e02c45682bab536a10a456c5bb53ac181838707b95e08856d30a219e4780df1463944e85a85b4085aa2f967b32b7792121

  • SSDEEP

    6144:OeY9aZtkiIWigQ7i62kEGcJWR6JzyhvU2u3:+nXz7i62kEGcJWR6M1K

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

31.210.20.231:200

Mutex

STANDART

Attributes
  • delay

    3

  • install

    false

  • install_file

    RuntimeBroker.exe

  • install_folder

    %AppData%

aes.plain
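The fields above come out of the client's Settings class. In the 0.5.x client, Hosts, Ports, Version, MTX, Install and Group are stored as Base64 blobs encrypted with AES-256-CBC and authenticated with HMAC-SHA256; both keys are derived with PBKDF2-HMAC-SHA1 (50,000 iterations, fixed salt) from the master key, which Settings.Key holds as Base64 of the key string. The decoded key string is what the aes.plain field above would show (it is empty on this page). Delay, InstallFolder and InstallFile are kept in plaintext. The Go program below is an added example, not part of this report or of the AsyncRAT project: it reimplements that scheme so the stored layout (32-byte tag, 16-byte IV, ciphertext) and the verify-then-decrypt step can be seen end to end. Because the sample's key is not given, it uses a constructed key and first packs the report's own C2 value the way a built client would store it; the function names and the constructed key are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Fixed PBKDF2 salt from the client's Algorithm/Aes256.cs; every build shares it.
var asyncRatSalt = []byte{
	0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24, 0x30, 0xA5, 0x78, 0x43,
	0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
}

const hmacLen, ivLen, pbkdfIters = 32, 16, 50000 // stored blob = tag(32) || IV(16) || ciphertext

// pbkdf2SHA1 mirrors .NET Rfc2898DeriveBytes (PBKDF2-HMAC-SHA1), so only the standard library is needed.
func pbkdf2SHA1(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := 1; len(out) < keyLen; block++ {
		mac := hmac.New(sha1.New, password)
		mac.Write(salt)
		mac.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac = hmac.New(sha1.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// AsyncRatAES holds the keys the client derives from one PBKDF2 stream: 32 bytes for
// AES-256-CBC (GetBytes(32)), then 64 bytes for the HMAC-SHA256 tag (GetBytes(64)).
type AsyncRatAES struct{ encKey, authKey []byte }

// NewAsyncRatAES takes the key as Settings.Key stores it: Base64 of the UTF-8 key string.
func NewAsyncRatAES(masterKeyB64 string) (*AsyncRatAES, error) {
	master, err := base64.StdEncoding.DecodeString(masterKeyB64)
	if err != nil {
		return nil, err
	}
	d := pbkdf2SHA1(master, asyncRatSalt, pbkdfIters, 32+64)
	return &AsyncRatAES{encKey: d[:32], authKey: d[32:]}, nil
}

// Encrypt packs one config string as the builder does:
// Base64( HMAC-SHA256(authKey, IV||CT) || IV || AES-256-CBC/PKCS7(plaintext) ).
func (a *AsyncRatAES) Encrypt(plaintext string) (string, error) {
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	block, _ := aes.NewCipher(a.encKey) // 32-byte key, cannot fail
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append([]byte(plaintext), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	body := append(iv, ct...)
	mac := hmac.New(sha256.New, a.authKey)
	mac.Write(body)
	return base64.StdEncoding.EncodeToString(append(mac.Sum(nil), body...)), nil
}

// Decrypt does what Settings.InitializeSettings does to Hosts, Ports, Version, MTX,
// Install and Group: verify the tag over IV||CT first, then CBC-decrypt and unpad.
func (a *AsyncRatAES) Decrypt(blobB64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(blobB64)
	if err != nil || len(blob) < hmacLen+ivLen+aes.BlockSize || (len(blob)-hmacLen-ivLen)%aes.BlockSize != 0 {
		return "", fmt.Errorf("not a valid config blob (%d bytes, %v)", len(blob), err)
	}
	mac := hmac.New(sha256.New, a.authKey)
	mac.Write(blob[hmacLen:])
	if !hmac.Equal(mac.Sum(nil), blob[:hmacLen]) {
		return "", fmt.Errorf("HMAC mismatch: wrong master key or tampered blob")
	}
	block, _ := aes.NewCipher(a.encKey)
	pt := make([]byte, len(blob)-hmacLen-ivLen)
	cipher.NewCBCDecrypter(block, blob[hmacLen:hmacLen+ivLen]).CryptBlocks(pt, blob[hmacLen+ivLen:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "", fmt.Errorf("bad PKCS7 padding")
	}
	return string(pt[:len(pt)-pad]), nil
}

func main() {
	// Constructed key for the demo; the sample's real aes.plain value is not on the page.
	a, _ := NewAsyncRatAES(base64.StdEncoding.EncodeToString([]byte("demo-key-not-from-sample")))
	enc, _ := a.Encrypt("31.210.20.231") // the report's C2 host, packed as Settings.Hosts would be
	fmt.Println(a.Decrypt(enc))          // 31.210.20.231 <nil>
}
```

Against a real sample the inputs are the Base64 strings assigned to Settings.Key, Settings.Hosts and the other fields in the .NET metadata; the port and host are stored as separate fields and are joined into the C2 pair shown above. Check the tag before trusting any decrypted field: a failed HMAC means the wrong key was pulled, not a corrupt config. Forks and repacked builds may change the salt, the iteration count or the field set, so confirm the sample's Aes256 class matches before relying on the output.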

Targets

    • Target

      66d68d28dc38342d3671e29ebb9a7a1f


    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
