General

  • Target

    af3068a581e247fbbfe184d067644403

  • Size

    7.1MB

  • Sample

    240229-w9qbfaha7s

  • MD5

    af3068a581e247fbbfe184d067644403

  • SHA1

    6c56a16f642cb104e7d8ed38638adb0a8ae588d4

  • SHA256

    ba57dd859d6b9b0391c81bb45e7a73c47fb9739918841efd38f64384fb06f517

  • SHA512

    f14e9a085e06e4e6818f801486c58423dfdc43cb5a5b8fbd1e139e4f846ecb139bbbec5a305b8c59e6546493c2a0756deed4c311663817aab976f1f8251e70f9

  • SSDEEP

    98304:J68jmhSfaOnqsfVTgsYLi32G9EukhrCtl1sB6YWJ9/G1iylLGtXb6OXJcsc:JTZUcULimEEukhrklC6Ys9/G1nAb1

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

MeowPC

C2

meowpc-33643.portmap.host:2610

meowpc-33643.portmap.host:33643

74.81.52.179:2610

74.81.52.179:33643

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    window.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      af3068a581e247fbbfe184d067644403

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
