General

  • Target

    a.exe

  • Size

    10.3MB

  • Sample

    240127-1as1haceh5

  • MD5

    6fb26a35f0ceaaac2a18eded411271e9

  • SHA1

    130e60f1a677a0480dcf51bf7659b47e6a0b9d25

  • SHA256

    eee1985862e96051e7cefadbbf293a9c225b888d6d01c16cfb8fea76a1e4cc1e

  • SHA512

    fce206d4f4a5a17d77a19f04900c1819ec2ae8c2483b250566e82d6a0fb02160e2f417036dc9357a3f633f11a88389fe09acaf5c3026c92b5408972e78221e76

  • SSDEEP

    24576:hdErYgCZ39+2z7UektosgOehW54H28xDMuYS4ozolIxnn:zgCZ3U210ehW2H28xYuYwn

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

C2

127.0.0.1:4449

Mutex

pcxcnvtcdzqwfblva

Attributes
  • delay

    0

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      a.exe

    • Size

      10.3MB

    • MD5

      6fb26a35f0ceaaac2a18eded411271e9

    • SHA1

      130e60f1a677a0480dcf51bf7659b47e6a0b9d25

    • SHA256

      eee1985862e96051e7cefadbbf293a9c225b888d6d01c16cfb8fea76a1e4cc1e

    • SHA512

      fce206d4f4a5a17d77a19f04900c1819ec2ae8c2483b250566e82d6a0fb02160e2f417036dc9357a3f633f11a88389fe09acaf5c3026c92b5408972e78221e76

    • SSDEEP

      24576:hdErYgCZ39+2z7UektosgOehW54H28xDMuYS4ozolIxnn:zgCZ3U210ehW2H28xYuYwn

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks