General

  • Target

    792806431d88b26392bfc1522b66d49b

  • Size

    1.1MB

  • Sample

    240127-dzeg3sdfcl

  • MD5

    792806431d88b26392bfc1522b66d49b

  • SHA1

    67f538f6899da41c31215f25912449dc16e9edf0

  • SHA256

    5afdc4f45d0d4f4f7ea1995a0153ffa6c1eeef97ca4a6963ed04b67b24dc953a

  • SHA512

    418e6c777f8ff6f3c2c6ce3d6d034f27acc077c7f745af7f69cc588078d5dabfc39fec0ede5898d9f104e46b9f7a913903b2750d61cc64d30890bdd45248f58a

  • SSDEEP

    24576:FYMCCmgwpOsBgo0q4wM5Ng7I8y260wbhkTs0hn9oAO:F6AoHM5q7K9hkwu9p

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

exportmunic007.duckdns.org:6606

exportmunic007.duckdns.org:7707

exportmunic007.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
