General

  • Target

    756ab7b9d92c134951bdedbb6a4e27942bf06b8e714fdeabb28af99db8900c8f

  • Size

    31KB

  • Sample

    240415-2rc62scd71

  • MD5

    a3d7e3a437c20aea540f58179fdb8757

  • SHA1

    8b2587808a189839461f4feba1b5802fba36e0f7

  • SHA256

    756ab7b9d92c134951bdedbb6a4e27942bf06b8e714fdeabb28af99db8900c8f

  • SHA512

    5b7a9e5f242abfe1b59734914479bdd214d3f6b3525f199eaab4374c59f4087427d17f07ff7bab044003b7ae2455ee3fadb13cc7d7e6ecafd9921aee25a6b8b7

  • SSDEEP

    384:A9s1zPeajJEZY5c7lYONE0xQ0a3pMp8ZHuMT4PR0A7QoE16ETTQkjHr2RSE6KT6N:ASPeat6YHONxv8O8ULP6YE9XQkPE+9L

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

420.igboat.com:42069

Mutex

qmG6idLENVQK

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      756ab7b9d92c134951bdedbb6a4e27942bf06b8e714fdeabb28af99db8900c8f

    Score
    10/10
    • AsyncRat

      AsyncRAT is written in C# and is designed to remotely monitor and control other computers.

    • Detects file containing reversed ASEP Autorun registry keys

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
