General

  • Target

    SaladInstaller.exe

  • Size

    194KB

  • Sample

    240119-t531maaeb7

  • MD5

    faccc962302c61af491cb9de2cb2d24b

  • SHA1

    2e6067b4a236086bf1031a74c385b612cc7a92c2

  • SHA256

    4da5f03e4aae4fdd3edcba4411497678312690f49b05790d2ae5fd4cb703147c

  • SHA512

    2749e3a344fbbf092cfcf1a9a9543bab41b11d6eca7f48f133c8184ef863fb5dfd5322bfc7ab6112ba91418187089c0d443cf049acdd1ef80fd92da3755bbe14

  • SSDEEP

    1536:Fp+AatpOJ9zbZUUnkJuuGaQtdQ3lAVclN:fctpOnzbZPhV0l6Y

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      SaladInstaller.exe

    • Size

      194KB

    • MD5

      faccc962302c61af491cb9de2cb2d24b

    • SHA1

      2e6067b4a236086bf1031a74c385b612cc7a92c2

    • SHA256

      4da5f03e4aae4fdd3edcba4411497678312690f49b05790d2ae5fd4cb703147c

    • SHA512

      2749e3a344fbbf092cfcf1a9a9543bab41b11d6eca7f48f133c8184ef863fb5dfd5322bfc7ab6112ba91418187089c0d443cf049acdd1ef80fd92da3755bbe14

    • SSDEEP

      1536:Fp+AatpOJ9zbZUUnkJuuGaQtdQ3lAVclN:fctpOnzbZPhV0l6Y

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks