General

  • Target

    2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066.zip

  • Size

    634KB

  • Sample

    240402-qxclxsbg8y

  • MD5

    ff9411ed1a4d82eccc863424e574b5ca

  • SHA1

    ed26d374b1210a86ba51406e69be871ee0ab1b9b

  • SHA256

    76ab4dd58066508689200a8dd60c006eae615741ab6733d2221142bc7bd9bd56

  • SHA512

    6681eb3dec9701a7a645f669b408c69a7da6a165d60fb6144916a32af51b243739baefbe276fc4cde35988d8afa999d4013995eb5e484b8ac37c216d26936baf

  • SSDEEP

    12288:+2dZ6Thbbwpz/iOT3D23EU1s11xGu7ID9BQ6vE3472y4ys:+2r65EpzqMMEGss6IDQ8Ei27ys

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

NEW_N4

C2

fttuvgt.ddnsfree.com:6969

fttuvgt.ddnsfree.com:6668

fttuvgt.ddnsfree.com:6667

Mutex

AsyncMutex_xxx342592

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066.exe

    • Size

      647KB

    • MD5

      4532fe89506406de9ebaa83778d74c8f

    • SHA1

      8015b822fc7df8d33ec3416e773f7189e9b74b5f

    • SHA256

      2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066

    • SHA512

      50706520d3df0669ac2b7a75a6a234cd28deec92e8be98e0e4ce7ef8848952cc07b53e30723bf4668ee3f940714360f6ba705bfe83e2d47f3163c86e407ba36a

    • SSDEEP

      12288:w3qcsNKVUdaaPDodw7y1Q3krddMK341VhJ5mhj2ZCm03Pjzkjp:w33uK2daGz+1Q3qdMKoDhJkhWCmQjzAp

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      $TEMP/Reaching

    • Size

      292KB

    • MD5

      c3a422b148a736804f525f481f289d2d

    • SHA1

      2cead45c5bdcc21213701bc92f45d2ab3e9e7258

    • SHA256

      520b4a0ca94396abb97ea723ed7d6dfa7880cce4013d2f998b3c83090295d254

    • SHA512

      ddf1ba3d23f9b5363f3b1817e705ae4da6cddc3218c6778896eca9ec30ed0d0daf66cc502d133a56c4f880efeea026b0d513024e82d825684701e12a7339bb50

    • SSDEEP

      6144:1K5vPeDkjGgQaE/loUDtf0accB3gBmmLsiS+SAhClbfSA:uvG4waEqOfFfB3gBTQ+SAibn

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks