General

  • Target

    6bdae200b21ded52cae27d7a223af690

  • Size

    1.2MB

  • Sample

    240121-ajmxqsbacq

  • MD5

    6bdae200b21ded52cae27d7a223af690

  • SHA1

    4e0be4edcc211aa6752bf4ae343b1a5896ed4c59

  • SHA256

    465966504b71b61efd8b63c2b473115b51666d6e5beab1aad6f5da29fa82f2c5

  • SHA512

    1fbcdda3a10a9f782d3733cf5e9b011f14635951d130f25ee8acf0b4c97265cf2f2484f28466daafe0ccdd60847a7538210ad8a210c3fc3d762f8278aaf69d2c

  • SSDEEP

    12288:5zzi6I/R83Z9ZBYY8PZZ/0vEaocP2T2fXJk/HmUVpI33EVDst:5nI/R83ZfWL6vEaocP2T2fXJvOy

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

gazetrto.myddns.me:7123

gazetrto.myddns.me:7116

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15