General

  • Target

    https://cdn.discordapp.com/attachments/1222998318163034124/1225703295692177408/Infected.rar?ex=66221826&is=660fa326&hm=5d227b4e8463171302af8cdd13489171c5550151e20e719b2b8bff41baf008cb&

  • Sample

    240405-l33m3shg35

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

$$

C2

127.0.0.1:41414

authority-amazon.gl.at.ply.gg:41414

Mutex

Ζ贼KרSmDS0伊t7שZOEwtωDfO

Attributes
  • delay

    1

  • install

    true

  • install_file

    Discord .exe

  • install_folder

    %AppData%

aes.plain
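The extracted config above is the most useful output of the run, but not every field is a usable indicator as-is: 127.0.0.1:41414 is a builder default or operator test value, not a routable C2; the second host sits under ply.gg, the playit.gg tunnelling service, so only the hostname is worth blocking; and install_folder plus install_file give the path the implant copies itself to. The following is an added example (not part of the report or of any sandbox tooling) that turns the reported values into hunting artifacts. The list of tunnel-service suffixes and the mixed-script mutex check are this example's own assumptions.

```python
from __future__ import annotations

import unicodedata
from ipaddress import ip_address

# Config values as reported by the sandbox for this sample (copied from the report above).
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "botnet": "$$",
    "c2": ["127.0.0.1:41414", "authority-amazon.gl.at.ply.gg:41414"],
    "mutex": "Ζ贼KרSmDS0伊t7שZOEwtωDfO",
    "delay": 1,
    "install": True,
    "install_file": "Discord .exe",
    "install_folder": "%AppData%",
}

# Assumption: suffixes of public tunnelling services that let an operator hide a
# home IP behind a rented hostname. ply.gg belongs to playit.gg.
TUNNEL_SUFFIXES = (".ply.gg", ".ngrok.io", ".ngrok-free.app", ".loca.lt", ".serveo.net")


def split_endpoint(entry: str) -> tuple[str, int]:
    """Split 'host:port'; rpartition keeps any colons inside the host part."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def is_loopback(host: str) -> bool:
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def classify_c2(entries: list[str]) -> list[dict]:
    """Tag each C2 entry so a hunter knows which ones are real network IOCs."""
    out = []
    for entry in entries:
        host, port = split_endpoint(entry)
        if is_loopback(host):
            kind = "placeholder"   # builder default / test value, not routable
        elif host.lower().endswith(TUNNEL_SUFFIXES):
            kind = "tunnel"        # alert on the hostname, not on the resolved IP
        else:
            try:
                ip_address(host)
                kind = "ip"
            except ValueError:
                kind = "domain"
        out.append({"host": host, "port": port, "kind": kind})
    return out


def expected_install_path(cfg: dict) -> str | None:
    """Path the implant copies itself to when install is true. %AppData% is left
    for the host to expand; the space in 'Discord .exe' is part of the file name."""
    if not cfg.get("install"):
        return None
    return cfg["install_folder"].rstrip("\\") + "\\" + cfg["install_file"]


def mutex_scripts(mutex: str) -> set[str]:
    """Unicode scripts mixed into the mutex name (digits ignored). A mutex mixing
    Greek, Hebrew and CJK letters with Latin is itself a hunting artifact."""
    scripts = set()
    for ch in mutex:
        if ch.isdigit():
            continue
        scripts.add(unicodedata.name(ch).split()[0])
    return scripts


def hunting_artifacts(cfg: dict) -> dict:
    c2 = classify_c2(cfg["c2"])
    return {
        "network": [f"{c['host']}:{c['port']}" for c in c2 if c["kind"] != "placeholder"],
        "tunnel_hosts": [c["host"] for c in c2 if c["kind"] == "tunnel"],
        "install_path": expected_install_path(cfg),
        "mutex": cfg["mutex"],
        "mutex_scripts": sorted(mutex_scripts(cfg["mutex"])),
        "beacon_delay_s": cfg["delay"],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(hunting_artifacts(ASYNCRAT_CONFIG), ensure_ascii=False, indent=2))
```

The loopback entry is dropped from the network list rather than silently kept, because a blocklist containing 127.0.0.1 is noise at best and a self-inflicted outage at worst; the tunnel host is kept separately so it can be matched on DNS and TLS SNI instead of on a destination IP that changes with every tunnel session.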

Targets

    • Target

      https://cdn.discordapp.com/attachments/1222998318163034124/1225703295692177408/Infected.rar?ex=66221826&is=660fa326&hm=5d227b4e8463171302af8cdd13489171c5550151e20e719b2b8bff41baf008cb&

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
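The behavioural signatures above are each a simple pattern over the sandbox's event stream: a registry read of the locale key, a process created from a file the sample just wrote, a desktop.ini drop, and reads of drive roots other than C:. The following is an added example (not the report's or any sandbox vendor's detection code) that implements those four checks over a constructed event log in a made-up "EVENT pid=N key=value" format. The report does not say which registry key the sample read; the example assumes HKCU\Control Panel\International\Geo\Nation, the key that holds the configured home location.

```python
import re
from collections import defaultdict

# Constructed sample event log (not taken from the report). Paths may contain spaces.
EVENTS = [
    r"REG_READ pid=1234 path=HKCU\Control Panel\International\Geo\Nation",
    "FILE_WRITE pid=1234 path=C:\\Users\\victim\\AppData\\Roaming\\Discord .exe",
    "PROC_CREATE pid=1234 child=5678 image=C:\\Users\\victim\\AppData\\Roaming\\Discord .exe",
    "FILE_WRITE pid=5678 path=C:\\Users\\victim\\AppData\\Roaming\\desktop.ini",
    "FILE_READ pid=5678 path=C:\\",
    "FILE_READ pid=5678 path=D:\\",
    "FILE_READ pid=5678 path=E:\\",
]

# Assumption: the locale key a geofence check would read.
GEO_KEY_SUFFIX = r"\International\Geo\Nation"

LINE_RE = re.compile(r"^(\w+)\s+pid=(\d+)\s*(.*)$")
# A value runs until the next ' key=' token or end of line, so spaces inside paths survive.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\")


def parse(line: str):
    """Return (event_kind, fields) or None for a line that is not an event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, pid, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    fields["pid"] = int(pid)
    return kind, fields


def evaluate(lines) -> dict:
    """Run the four signature checks over the event stream and return the hits."""
    written = set()            # files written so far, lowercased for case-insensitive NTFS
    drive_roots = set()
    hits = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        kind, f = parsed
        path = f.get("path", "")
        if kind == "REG_READ" and path.lower().endswith(GEO_KEY_SUFFIX.lower()):
            hits["checks_location_settings"].append(path)
        elif kind == "FILE_WRITE":
            written.add(path.lower())
            if path.lower().endswith("\\desktop.ini"):
                hits["drops_desktop_ini"].append(path)
        elif kind == "PROC_CREATE":
            image = f.get("image", "")
            # "Executes dropped EXE": the new process image was written earlier in this run.
            if image.lower() in written:
                hits["executes_dropped_exe"].append(image)
        elif kind == "FILE_READ" and DRIVE_ROOT_RE.fullmatch(path):
            if not path.upper().startswith("C:"):
                drive_roots.add(path.upper())
    if drive_roots:
        hits["enumerates_connected_drives"] = sorted(drive_roots)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(f"{name}: {evidence}")
```

The dropped-EXE rule keys on "written earlier by this run, then executed" rather than on the file name, so it still fires when the install_file in the config changes; the drive-root rule deliberately ignores C:\ so that ordinary system activity does not trip it.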

MITRE ATT&CK Enterprise v15

Tasks