General

  • Target

    6cf9a842721723f290f0042dbfc39f52

  • Size

    623KB

  • Sample

    240121-lmvbrsaefq

  • MD5

    6cf9a842721723f290f0042dbfc39f52

  • SHA1

    0fcf58d31a0a3eb64872b7a9bbf5dccea47f227b

  • SHA256

    7a46b5a9e5ca439c490aab43bf8b440d6814042240d917aba8386aaf72fd1586

  • SHA512

    1067a0f0c4b11c8e8a5766815243e07968b5d6fe8ba8bcbe08746301a4012c37a5ed7b7300f2cacf30fcf9ceb8d920e1f94a19eb3322916107c66d45b47e1ae8

  • SSDEEP

    12288:cTwqT3DxIlIOe2KzC2Kxb5OGdWduMyVnGRfX2cpUw:Y1DClq2KzCpx1bdiuM2nGRv2

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

exportmunic007.duckdns.org:6606

exportmunic007.duckdns.org:7707

exportmunic007.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      6cf9a842721723f290f0042dbfc39f52

    • Size

      623KB

    • MD5

      6cf9a842721723f290f0042dbfc39f52

    • SHA1

      0fcf58d31a0a3eb64872b7a9bbf5dccea47f227b

    • SHA256

      7a46b5a9e5ca439c490aab43bf8b440d6814042240d917aba8386aaf72fd1586

    • SHA512

      1067a0f0c4b11c8e8a5766815243e07968b5d6fe8ba8bcbe08746301a4012c37a5ed7b7300f2cacf30fcf9ceb8d920e1f94a19eb3322916107c66d45b47e1ae8

    • SSDEEP

      12288:cTwqT3DxIlIOe2KzC2Kxb5OGdWduMyVnGRfX2cpUw:Y1DClq2KzCpx1bdiuM2nGRv2

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks