General

  • Target

    Visual Protector.exe

  • Size

    1.0MB

  • Sample

    240406-1frpmacd36

  • MD5

    2fd0387cb9fa37855f8a9c196c115131

  • SHA1

    3a1b1f53e4a57a622a82ee6d149792fd7c212a13

  • SHA256

    bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73

  • SHA512

    1fe92302bba86858e989203fc8826a4bd326226b7025d32be946f59a9035cc17d0734c50d724c560a288311ed1d4f07824c30e456988ab2e5b7432eb4d47a095

  • SSDEEP

    12288:2fk2b3JKzOdEtjBA0zg1fA3UOaCl114p1xOAKSkjdrhV0DyqPod4/oADOUltRTrJ:q7LAzOd+jBhzkfhOaq11qIx5IrooVY4

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    | Edit 3LOSH RAT

  • Botnet

    RAT10

  • C2

    darkstorm275991.ddns.net:6606
    darkstorm275991.ddns.net:7707
    darkstorm275991.ddns.net:8808
    mrreport.duckdns.org:6606
    mrreport.duckdns.org:7707
    mrreport.duckdns.org:8808

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      true

    • install_file

      Microsoft.exe

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      Visual Protector.exe

    • Size

      1.0MB

    • MD5

      2fd0387cb9fa37855f8a9c196c115131

    • SHA1

      3a1b1f53e4a57a622a82ee6d149792fd7c212a13

    • SHA256

      bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73

    • SHA512

      1fe92302bba86858e989203fc8826a4bd326226b7025d32be946f59a9035cc17d0734c50d724c560a288311ed1d4f07824c30e456988ab2e5b7432eb4d47a095

    • SSDEEP

      12288:2fk2b3JKzOdEtjBA0zg1fA3UOaCl114p1xOAKSkjdrhV0DyqPod4/oADOUltRTrJ:q7LAzOd+jBhzkfhOaq11qIx5IrooVY4

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15