General

  • Target

    a8884d5c23826a156a79a2e40ddbc10f.exe

  • Size

    1.2MB

  • Sample

    240404-ynna3agg7x

  • MD5

    a8884d5c23826a156a79a2e40ddbc10f

  • SHA1

    17ba269221f5e728a768f0e19bd1acf8759f44ac

  • SHA256

    821900f5cf0981a062d0683d5a5905ce407a035d9e0ab7ee0bd110a7403321d1

  • SHA512

    8f14f18e84aac4643655994e6d11d1c166607beadbecc9cc969afa0a5e5881df4cf3c74c77f1de092240369e0922da52574108a358b04a3043d450a77191fedd

  • SSDEEP

    1536:67ja7Fg3dR05lpUFpILxwr1088AEUHXTit6oAfMOnYZm/ZMp+E1U793K7nadtU4s:6QiRGpUcwrXLEKXTToMMIYU60gqtU4s

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    | Edit 3LOSH RAT

  • Botnet

    RAT15

  • C2

    darkstorm275991.ddns.net:6606

    darkstorm275991.ddns.net:7707

    darkstorm275991.ddns.net:8808

    mrreport.duckdns.org:6606

    mrreport.duckdns.org:7707

    mrreport.duckdns.org:8808

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Windows Session Manager.exe

  • install_folder

    %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15