General

  • Target

    Infected.exe

  • Size

    9.0MB

  • Sample

    240126-3ajg6shgcr

  • MD5

    add49a4fbe84b5e5925c278f50d212a5

  • SHA1

    194c8f74726c7c80cd2dbc5b1971d61bb0b5d079

  • SHA256

    b66c361415efd36f60551d8947123ea937b6adc29accc299fd2e98db143202e4

  • SHA512

    c1121c07cd7bc1b4a20e8e0c85a4f84d8bc4a0a69f44b595340f9e8fa2fcc69a5cdb358306462bd78afe77fa544d8b01420afe2968de5b26e0ca2f937063a913

  • SSDEEP

    1536:DY+Q+tdSJYUbdh9gBtdluXpCQ5ppqKmY7:DrtYYUbdwtI5yz

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:909

127.0.0.1:9090

127.0.0.1:4545

127.0.0.1:3232

192.168.2.40:909

192.168.2.40:9090

192.168.2.40:4545

192.168.2.40:3232

127.0.0.1:3232:909

127.0.0.1:3232:9090

127.0.0.1:3232:4545

127.0.0.1:3232:3232

Mutex

i4fXWD贼8勒oרD吾ikVd勒h4Pgg

Attributes
  • delay

    1

  • install

    true

  • install_file

    WinChecker.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      Infected.exe

    • Size

      9.0MB

    • MD5

      add49a4fbe84b5e5925c278f50d212a5

    • SHA1

      194c8f74726c7c80cd2dbc5b1971d61bb0b5d079

    • SHA256

      b66c361415efd36f60551d8947123ea937b6adc29accc299fd2e98db143202e4

    • SHA512

      c1121c07cd7bc1b4a20e8e0c85a4f84d8bc4a0a69f44b595340f9e8fa2fcc69a5cdb358306462bd78afe77fa544d8b01420afe2968de5b26e0ca2f937063a913

    • SSDEEP

      1536:DY+Q+tdSJYUbdh9gBtdluXpCQ5ppqKmY7:DrtYYUbdwtI5yz

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks