General

  • Target

    91eae3aeb592e530edf843431d616dc6e3196b4eecd341d7422f84a466bcb8c2

  • Size

    414KB

  • Sample

    240417-rvse2aca83

  • MD5

    c0b40ed5c7e6973ba582fc0aceb469d0

  • SHA1

    1e3577af6b974f880d2d5c81b2b0f13179f5f778

  • SHA256

    91eae3aeb592e530edf843431d616dc6e3196b4eecd341d7422f84a466bcb8c2

  • SHA512

    3a26356ed224f4ffa14ca51b13a483a4d7b40dee0f500f4655039a7c0aa51dbd78c8dd4a6966b4adc300dd5dd3e37aad72c75ff694f0add135a85d2142ffda8e

  • SSDEEP

    6144:nO/61IxIUZnZKql4hG90VJOXRywChqEH7KqqR1HVAndterITdPNpszHhRX:nOSiTZngvGdEhNH0R1On7er4vpY

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

45.145.55.81:6606

45.145.55.81:7707

45.145.55.81:8808

Mutex

yy4orPaIfKQ9

Attributes
  • delay

    3

  • install

    true

  • install_file

    note.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      0b73e8607350c592c70b7e5845a1d7d4a7b60bd05ea1a86a7c5dd21fc48a43fe.exe

    • Size

      681KB

    • MD5

      34ba2f8eca9f38d2cd3a8fa1bf57ab81

    • SHA1

      24948a5f1f23a471d7bdc1d4f2c0cc9b9914d17b

    • SHA256

      0b73e8607350c592c70b7e5845a1d7d4a7b60bd05ea1a86a7c5dd21fc48a43fe

    • SHA512

      0897ccd7920c421259bcd53511160e68dd0020c5c88a80dded4b9a7b4427b76e7eacca03be7b0be5a2eea9f3bca1374ff104950ddd09dec67e412c4524f957c6

    • SSDEEP

      12288:vBAt6aqLw7nKNPxgQfHU497m35Z8Awc2x:vetmCKNpgQf0CaJZ8

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks