General

  • Target

    7ddaf1dfd0b216c5c1326dfcfee7c24c

  • Size

    475KB

  • Sample

    240128-yk52pshba7

  • MD5

    7ddaf1dfd0b216c5c1326dfcfee7c24c

  • SHA1

    0247864b4d517dfd1a26ac439466f81aa848dd16

  • SHA256

    4c943d528bdd27167343aac302bda325867219e971833c7eb015f399912f1118

  • SHA512

    80a3d80ce75be3980a320fad9169201d65c2b70a95fbb2d1bf8ee11520e418dffeb84592ee850c2fcfd19a3fcc8c0b783d84d311d8053bf2e14159f6c106f1ea

  • SSDEEP

    12288:j9WciQjQJ6fr5DF/i2nwbRjYflam7oKIgwgQUpeHp5kolA4TifhCur8c:5IQjQsT/i2nwbRjYf3IgDr

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

pompake.duckdns.org:2001

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7ddaf1dfd0b216c5c1326dfcfee7c24c

    • Size

      475KB

    • MD5

      7ddaf1dfd0b216c5c1326dfcfee7c24c

    • SHA1

      0247864b4d517dfd1a26ac439466f81aa848dd16

    • SHA256

      4c943d528bdd27167343aac302bda325867219e971833c7eb015f399912f1118

    • SHA512

      80a3d80ce75be3980a320fad9169201d65c2b70a95fbb2d1bf8ee11520e418dffeb84592ee850c2fcfd19a3fcc8c0b783d84d311d8053bf2e14159f6c106f1ea

    • SSDEEP

      12288:j9WciQjQJ6fr5DF/i2nwbRjYflam7oKIgwgQUpeHp5kolA4TifhCur8c:5IQjQsT/i2nwbRjYf3IgDr

    Score
    10/10

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks