General

  • Target

    867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca

  • Size

    238KB

  • Sample

    240313-z26v1abb85

  • MD5

    34699ed272d8dd62e8aa8166df45d311

  • SHA1

    50e70ba3b8c470c02f31b680000afcc385972235

  • SHA256

    867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca

  • SHA512

    7186c092c5345b1b599dedff6b4931ed20147a0ad0f737e76391678cbc7ba73d97076cd1f80b26a98419c0b7a09737243ef9a978fb3e83f6d24e21190ac8d578

  • SSDEEP

    6144:EVH+m5mfg4HHdIoBvHEVt72jEO2juWAPqNcXUY9+ZZlsn8VLg21S+JRAQI:E35mflpfEV12gUCCXUY9Jn8VLg21S+JQ

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default2

C2

roolingstone.sytes.net:7707

roolingstone.sytes.net:8808

Mutex

AsyncMutex_6SI8OfPnY

Attributes

  • delay

    3

  • install

    true

  • install_file

    flo.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detects executables packed with ConfuserEx Mod

    • Detects file containing reversed ASEP Autorun registry keys

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks