General

  • Target

    bd0936130918f160fe94ac409384813d

  • Size

    1.1MB

  • Sample

    240309-219llsdh41

  • MD5

    bd0936130918f160fe94ac409384813d

  • SHA1

    00f438306e6f79c07e68aade0ca145b2903d2c49

  • SHA256

    d12ba06e8f066751bccfca444e986dc407ff2f74f4b133507443c7f8bbc091b4

  • SHA512

    2add5cece1aaf98844a7b843a1d0db4602320bdd7d28989e6ef3fef4aa00d0f0a05f6aaa15e424a508c620d3b62cdcf45d033d14ab06ef778350691df53e0c65

  • SSDEEP

    24576:PcOsBgo0q4wMeBmCmTOUd+L6k9XWGntVaQ9Atep7:PloHMimCm6Ud+z9X/ntc3cp

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Game ON

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

79.134.225.35:6606

79.134.225.35:7707

79.134.225.35:8808

Mutex

vmmfkkwtsgba

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      bd0936130918f160fe94ac409384813d

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks