General

  • Target

    grabbed.exe

  • Size

    65KB

  • Sample

    240309-2j5w4adc6v

  • MD5

    d4b1b8ae6b8cf4c57d9757c75d729146

  • SHA1

    9bae023fcdfaae28c40fa9c6c9b50e715b09adf9

  • SHA256

    8bd75c3aa188ce67229f00737583a01b34657cc566a457aefa15bd590605f1a8

  • SHA512

    cdebb7b751c9ba84e2ade944ea5b9a2bb4773145e854dd0c0ce254cd559b1f1049aa8fb9f64207edf5319b536bc68d2a201ec5719827ebd74478268c02e0bcdb

  • SSDEEP

    1536:e+OAXoaIibs/A0M7COqjGb/BgoZ1v1rNAQkD4hqq3W/x:e+OAXoaIibh0ICOqjGb/+a7AQkMhF3Cx

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

WinExplOMG

C2

stormx.dynu.net:77

Mutex

winexpomg

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
