General

  • Target

    7e1215a9250f2f1b21c282a7541301f0

  • Size

    1.2MB

  • Sample

    240128-1h6assafe2

  • MD5

    7e1215a9250f2f1b21c282a7541301f0

  • SHA1

    87247624bb152570a9976cb3e4dca23719e247e7

  • SHA256

    5b85e8c3a111fa974d3a497f58e28dc2be93ec6db391547746076d8e0b4ad1a1

  • SHA512

    e6c7610ea2597cf1899124ebe29c4a3c946876e9f667b1e6485e3d9249e26ebcdcf07fd4437de05445d8ccf221ed1c8f6365a14c7b5463a3baa4eb3a0441002f

  • SSDEEP

    12288:VH7Z5lJvrpJlZGHMkm4+buL9/0EFMtnVipIXAYfGlWjuzlZcjo1qT3MS:5rAMkmw2EFMLoIhPuzlZcjosT3MS

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

mariarizazapata09.duckdns.org:1884

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks