General

  • Target

    panel 1.1.exe

  • Size

    2.7MB

  • Sample

    240406-1kdcssce54

  • MD5

    9c993d304248ac9ceb1e56efe2fd80c8

  • SHA1

    eeb77ea65eb7627ddda401954f835d4cee4e9651

  • SHA256

    b18cb5f31c2f5a29ebe171e68bf414b8168959d12d36a9e5ad7a58c04beaf125

  • SHA512

    0e73895fde1dcf7258033d1ada084e0619e535f8c9470ea9baf7f692b290d5cd0515d6cc3039c58776c139e395ee03f925dd648184f8ae8090a68c9d7fad67f7

  • SSDEEP

    49152:sI8KwvIjwTIu3XAhQ+TOYMCDy+/uvgDOMnodkyB5UGD5LM8VUrH:s1KwvO0XAHOyucOModkyB5D7VUj

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

RAT5

C2

darkstorm275991.ddns.net:6606

darkstorm275991.ddns.net:7707

darkstorm275991.ddns.net:8808

mrreport.duckdns.org:6606

mrreport.duckdns.org:7707

mrreport.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Microsoft.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      panel 1.1.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
