General

  • Target

    0dda2fcee8bec9941a9cf9c5bd866f10.bin

  • Size

    32KB

  • Sample

    240405-bdmkfsgc89

  • MD5

    3958f8abc47a8313deb563b33a7c4fb8

  • SHA1

    6d4391cf0e9592bf031a72577bb62966c6cfc841

  • SHA256

    59ee98956a0a1b1302ca6dfda4eaf1b37804a5a03334ccc12d782933d70f7eed

  • SHA512

    c2a8d9d16edba975918aad8dd469cc7cfee554878c7411d060db5bdef0533bc72141e62dede3db0f4a12a8e3c60796588f737d60871c2ecb42ba8a232c404130

  • SSDEEP

    768:pkEzyZHROMyrb0WwCXsmqkRr7T51W2rwUyNwt1GByn8Fh7JEE4uPDZ:SEzyDPk5smqkx7dUgwe7GjN8+DZ

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

RAT15

C2

darkstorm275991.ddns.net:6606

darkstorm275991.ddns.net:7707

darkstorm275991.ddns.net:8808

mrreport.duckdns.org:6606

mrreport.duckdns.org:7707

mrreport.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Windows Session Manager.exe

  • install_folder

    %AppData%

aes.plain
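Hunting for the extracted indicators in endpoint telemetry, as an added example that is not part of the sandbox report: the C2 hosts and ports, mutex name and install path below come from the config above; the JSON event format, the field names and the seven log lines are constructed for illustration (Sysmon-style process, DNS, network and mutex events), and the dynamic-DNS suffix match and the "AsyncRAT port to a DDNS host" rule are generalisations assumed here, not findings of the report.

```python
"""Match the AsyncRAT indicators from the sandbox report against endpoint events.

Added example, not the sandbox's own tooling. The event schema and the
SAMPLE_LOG lines are constructed; the indicator values are from the report.
"""
import json
import re
from typing import Dict, Iterable, List

# Indicators taken from the extracted config.
C2_HOSTS = {"darkstorm275991.ddns.net", "mrreport.duckdns.org"}
C2_PORTS = {6606, 7707, 8808}
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FILE = "Windows Session Manager.exe"

# Both C2 hosts live on free dynamic-DNS providers. Matching the provider
# suffix (assumption: little legitimate traffic to these in your estate)
# catches rebuilt configs that only changed the subdomain.
DDNS_SUFFIXES = (".ddns.net", ".duckdns.org")

# %AppData% expands to C:\Users\<user>\AppData\Roaming on a default Windows
# install; the dropped file sits directly in that folder, with no subfolder.
INSTALL_PATH_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\" + re.escape(INSTALL_FILE) + r"$",
    re.IGNORECASE,
)


def check_event(ev: dict) -> List[str]:
    """Return the indicator tags matched by a single event (empty if none)."""
    hits: List[str] = []
    kind = ev.get("event")
    if kind == "dns_query":
        q = ev.get("query", "").rstrip(".").lower()
        if q in C2_HOSTS:
            hits.append(f"c2_host:{q}")
        elif q.endswith(DDNS_SUFFIXES):
            hits.append(f"ddns_lookup:{q}")
    elif kind == "network_connect":
        dst = ev.get("dst_host", "").rstrip(".").lower()
        port = int(ev.get("dst_port", 0))
        if dst in C2_HOSTS and port in C2_PORTS:
            hits.append(f"c2_connect:{dst}:{port}")
        elif port in C2_PORTS and dst.endswith(DDNS_SUFFIXES):
            # Same default AsyncRAT ports, different DDNS name: worth triage.
            hits.append(f"asyncrat_port_ddns:{dst}:{port}")
    elif kind == "process_create":
        image = ev.get("image", "")
        if INSTALL_PATH_RE.match(image):
            hits.append(f"install_path:{image}")
    elif kind == "mutex_create":
        if ev.get("name") == MUTEX:
            hits.append(f"mutex:{MUTEX}")
    return hits


def scan(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map event id -> matched tags for every JSON-lines event that hit."""
    results: Dict[str, List[str]] = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        hits = check_event(ev)
        if hits:
            results[str(ev.get("id"))] = hits
    return results


# Constructed sample telemetry. Event 7 is the legitimate Session Manager
# (smss.exe) that the dropped file name imitates; it must not match.
SAMPLE_LOG = r"""
{"id": "1", "event": "process_create", "image": "C:\\Users\\alice\\AppData\\Roaming\\Windows Session Manager.exe"}
{"id": "2", "event": "dns_query", "query": "darkstorm275991.ddns.net."}
{"id": "3", "event": "network_connect", "dst_host": "mrreport.duckdns.org", "dst_port": 7707}
{"id": "4", "event": "mutex_create", "name": "AsyncMutex_6SI8OkPnk"}
{"id": "5", "event": "dns_query", "query": "www.microsoft.com"}
{"id": "6", "event": "network_connect", "dst_host": "other.duckdns.org", "dst_port": 8808}
{"id": "7", "event": "process_create", "image": "C:\\Windows\\System32\\smss.exe"}
"""

if __name__ == "__main__":
    for event_id, tags in scan(SAMPLE_LOG.splitlines()).items():
        print(event_id, tags)
```

The install-path rule keys on the file name sitting directly in the Roaming profile root, which is where the config's `%AppData%` plus `install_file` puts it; a pivot on the mutex name alone is weaker, since `AsyncMutex_6SI8OkPnk` is the AsyncRAT default and appears in many unrelated builds.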

Targets

    • Target

      5732891fc200a9a59fdf3b2f96d5977152d1b76eb7220c8fcb28fc476945cddc.exe

    • Size

      66KB

    • MD5

      0dda2fcee8bec9941a9cf9c5bd866f10

    • SHA1

      29dba01814ef258f12fc06f9771f8e795e0337af

    • SHA256

      5732891fc200a9a59fdf3b2f96d5977152d1b76eb7220c8fcb28fc476945cddc

    • SHA512

      030eee3ec291fe9a5bf7b6ab1155a853eec01dc13b7319e198872c3af8826f084dda7c60955daf5e893515a528485fadf62e1ad404060b664cecddb0093ed362

    • SSDEEP

      1536:42MX66CQkCANKu/UYF9VCFCfn2W4bpfbPkgZIcrPlTGRG:42I66CQk7Ku/UYFOEd4bpzsgZIcdqG

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks