General

  • Target

    7933ccde34147748dc1d6cd38b7fc858

  • Size

    3.3MB

  • Sample

    240127-eeqkaaebem

  • MD5

    7933ccde34147748dc1d6cd38b7fc858

  • SHA1

    57c5debaba013de6e1f2c7cf29e50a1f3b0c5b5b

  • SHA256

    a3f98f3b576b7f5d13774bd109402860c9bcf0647855edaec00c5232b48b9852

  • SHA512

    39cf2f807ac3d8ec6aac60ec5040beff4e3bd88fe70951bb97b6c6f308aecf16b9fbf7e76a66f487862127280897fab9e37c86c87a654b66fff72d2f746d6e13

  • SSDEEP

    24576:mA1sGgIKZOU0NqqlsGgIKZOU0NqqB1PsGgIKZOU0NqqlsGgIKZOU0NqqEiHf4MLt:P1npntNnpnwYlL+u

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

djrokarygapxupatkdr

Attributes
  • delay

    16

  • install

    true

  • install_file

    minecrafte.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7933ccde34147748dc1d6cd38b7fc858

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
