General

  • Target

    2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066.zip

  • Size

    634KB

  • Sample

    240402-q56vqscb5s

  • MD5

    6980b48310e413c4134f21a47836506d

  • SHA1

    955ec69d7d7c5ce4770c39bac3760de5e945065c

  • SHA256

    0d5333bcd7d75948006899403cf3ef810803919c6f16f9b80e815d28e5439cd2

  • SHA512

    35d613306421ee02da76bf28aa5b28de29442fdeb10cf640c0cb40426d11e34c2e3493215e8c6e8dfb2e470163a105951e3ce4f75c3b39c01dd20dab0841818b

  • SSDEEP

    12288:eH+d+8H01OYRZ2Uvj6pKgYgxdlfDa+pXNxJMSElMJ67xCnBNFe8PAxZ01AKuwWN:eH+88H013Z9v+pBdlfW+pdxVJlBNFe8U

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

NEW_N4

C2

fttuvgt.ddnsfree.com:6969

fttuvgt.ddnsfree.com:6668

fttuvgt.ddnsfree.com:6667

Mutex

AsyncMutex_xxx342592

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066.exe

    • Size

      647KB

    • MD5

      4532fe89506406de9ebaa83778d74c8f

    • SHA1

      8015b822fc7df8d33ec3416e773f7189e9b74b5f

    • SHA256

      2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066

    • SHA512

      50706520d3df0669ac2b7a75a6a234cd28deec92e8be98e0e4ce7ef8848952cc07b53e30723bf4668ee3f940714360f6ba705bfe83e2d47f3163c86e407ba36a

    • SSDEEP

      12288:w3qcsNKVUdaaPDodw7y1Q3krddMK341VhJ5mhj2ZCm03Pjzkjp:w33uK2daGz+1Q3qdMKoDhJkhWCmQjzAp

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Target

      $TEMP/Reaching

    • Size

      292KB

    • MD5

      c3a422b148a736804f525f481f289d2d

    • SHA1

      2cead45c5bdcc21213701bc92f45d2ab3e9e7258

    • SHA256

      520b4a0ca94396abb97ea723ed7d6dfa7880cce4013d2f998b3c83090295d254

    • SHA512

      ddf1ba3d23f9b5363f3b1817e705ae4da6cddc3218c6778896eca9ec30ed0d0daf66cc502d133a56c4f880efeea026b0d513024e82d825684701e12a7339bb50

    • SSDEEP

      6144:1K5vPeDkjGgQaE/loUDtf0accB3gBmmLsiS+SAhClbfSA:uvG4waEqOfFfB3gBTQ+SAibn

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks