General

  • Target

    1476-58-0x0000000002390000-0x00000000023A6000-memory.dmp

  • Size

    88KB

  • Sample

    240302-tk11jaeg4v

  • MD5

    b3c54212af23b81ad4690b30d117fcba

  • SHA1

    87dc2679c8c547262f78f67cb3bb517821706a5c

  • SHA256

    6eed3121fb60ee5c8e2c9737e654fc6afa4af4171b0037ad1beabeb5e64c870b

  • SHA512

    9ee475ad45f3a5f9a0e126a02940bbda40e84668c3aadc6d56a6c142982dceb930b9919f2448b0f499a13613a65a93446d8101c8b315310dd5ec4e268dcffab5

  • SSDEEP

    768:CCAcCoN+JPQkJvuEN8KF9tE+4OpbLMgJTqujkutjZxydkSHYdmrSCnHmBbs1opow:CsCo4lrAjWjZYHkn+6b7okSvywNAQ

Score
10/10

Malware Config

Extracted

Family

asyncrat

C2

103.117.72.103:8848

Mutex

hllbdyrbrto

Attributes
  • delay

    1

  • install

    true

  • install_file

    shellcodeloader.exe

  • install_folder

    %AppData%

aes.plain
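The extracted configuration above (C2 host and port, mutex name, install file and folder) is what a responder turns into host and network indicators. The following is an added example, not part of the sandbox report, that matches those indicators against a few constructed Sysmon-style events (event IDs 11 file create, 1 process create, 3 network connection) and against a list of mutant object names as a handle-enumeration tool would report them. The user name in the expanded %AppData% path and the sample events are assumptions made for the example.

```python
# Added example (not part of the sandbox report): turn the extracted AsyncRAT
# config into indicators and match them against constructed Sysmon-style events.
import os
from dataclasses import dataclass

# Indicators taken verbatim from the extracted config on this page.
C2_HOST, C2_PORT = "103.117.72.103", 8848
MUTEX = "hllbdyrbrto"
INSTALL_FILE = "shellcodeloader.exe"
INSTALL_FOLDER_TOKEN = "%AppData%"

# Assumed profile path for the example; on a real host read APPDATA from the
# environment of the user whose profile you are examining.
ASSUMED_APPDATA = r"C:\Users\victim\AppData\Roaming"


@dataclass
class Hit:
    event_id: int
    indicator: str
    value: str


def expand_appdata(path: str) -> str:
    """Expand the %AppData% token to the per-user Roaming folder."""
    return path.replace(INSTALL_FOLDER_TOKEN, ASSUMED_APPDATA)


def match_event(ev: dict) -> list[Hit]:
    """Return the indicator hits for one Sysmon-like event dict."""
    hits = []
    eid = ev.get("EventID")
    if eid == 3:  # network connection: outbound to the configured C2
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append(Hit(eid, "c2", f"{C2_HOST}:{C2_PORT}"))
    elif eid == 11:  # file create: the install copy landing in %AppData%
        target = ev.get("TargetFilename", "")
        expected = expand_appdata(f"{INSTALL_FOLDER_TOKEN}\\{INSTALL_FILE}")
        if target.lower() == expected.lower():
            hits.append(Hit(eid, "install_file", target))
    elif eid == 1:  # process create: the dropped copy executing
        image = ev.get("Image", "")
        if os.path.basename(image.replace("\\", "/")).lower() == INSTALL_FILE:
            hits.append(Hit(eid, "dropped_exe", image))
    return hits


def scan(events: list[dict]) -> list[Hit]:
    """Match every event and flatten the hits."""
    return [h for ev in events for h in match_event(ev)]


def match_mutex_names(names: list[str]) -> list[str]:
    """Return the mutant object names whose leaf matches the configured mutex.
    Names look like 'Sessions\\1\\BaseNamedObjects\\<name>' in handle listings."""
    return [n for n in names if n.split("\\")[-1] == MUTEX]


# Constructed sample events (not real telemetry); the last one is benign noise.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\shellcodeloader.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\shellcodeloader.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\shellcodeloader.exe",
     "DestinationIp": "103.117.72.103", "DestinationPort": 8848},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "13.107.4.50", "DestinationPort": 443},
]

SAMPLE_MUTANTS = [
    r"Sessions\1\BaseNamedObjects\hllbdyrbrto",
    r"Sessions\1\BaseNamedObjects\SM0:1234:168:WilStaging_02",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"event {hit.event_id}: {hit.indicator} -> {hit.value}")
    for name in match_mutex_names(SAMPLE_MUTANTS):
        print(f"mutex: {name}")
```

The C2 address is a single-sample indicator: AsyncRAT operators rotate hosts and ports freely, so the install path, file name and mutex from the config tend to outlive the network indicator, and all four should be fed into detection together rather than the IP alone.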

Targets

    • Target

      1476-58-0x0000000002390000-0x00000000023A6000-memory.dmp

    • Size

      88KB

    • MD5

      b3c54212af23b81ad4690b30d117fcba

    • SHA1

      87dc2679c8c547262f78f67cb3bb517821706a5c

    • SHA256

      6eed3121fb60ee5c8e2c9737e654fc6afa4af4171b0037ad1beabeb5e64c870b

    • SHA512

      9ee475ad45f3a5f9a0e126a02940bbda40e84668c3aadc6d56a6c142982dceb930b9919f2448b0f499a13613a65a93446d8101c8b315310dd5ec4e268dcffab5

    • SSDEEP

      768:CCAcCoN+JPQkJvuEN8KF9tE+4OpbLMgJTqujkutjZxydkSHYdmrSCnHmBbs1opow:CsCo4lrAjWjZYHkn+6b7okSvywNAQ

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks