General

  • Target

    bd9d3da2c7a63a88c44c8857fb285062

  • Size

    2.5MB

  • Sample

    240310-emrgjsbg69

  • MD5

    bd9d3da2c7a63a88c44c8857fb285062

  • SHA1

    4e6dc23cb739abb7f926daa22096832da8d4fcd3

  • SHA256

    9c32dfe9366cd900b272ce625381572ad85be6d6fd1c452e48c2b289103522f1

  • SHA512

    dcf16eb637a20a7192322bf0e28346ae73c2b47da60610233b57a48bc38927139b206ff67bed3a0fd1fbf0b66a0a0264c316df22df0cd5c278359ed31c9b4184

  • SSDEEP

    49152:X5k3D1W2tOnUN7+b+/2RqOaRtm2jc7MYuKVpZebnlT1c+Hc+9u/Sm1M:X5i1JtOuSS/2L6t/4Zu4van7zzn5

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.4H

Mutex

extiqtrzeqtxqjoa

Attributes
  • delay

    0

  • install

    true

  • install_file

    scvhost.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/X37Jy9jA

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks