General
Target: ameerclient.exe
Size: 48KB
Sample: 240507-fsgd7sag31
MD5: 12756d277802542acb80cbbe1d4e0f14
SHA1: bfc7adb73390cc71c57792f9855dd107e2e26e17
SHA256: 951530a346783029d60acf0aaaf52b5962c5bfed8a92542979335ed574f204f6
SHA512: 126875b1745d65fb7083adfe5a27662ce996ae673e475a0936503653cceccb8c2ae12ed481593074af4131b1deaf1c0475ccde66a51ef794acea8b50cf5c0793
SSDEEP: 768:JukTVT0kLd3WULVPdVmo2qDGLfgSYPIUwCa0bwBciUBvYcFnlZ7ZgxErDTBDZIG+:JukTVT0M912FoSdUwUbwBc1fFgxErhdS
Malware Config
Extracted
Family: asyncrat
Xoshnaw
1877
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:1877
nerakar.duckdns.org:6606
nerakar.duckdns.org:7707
nerakar.duckdns.org:8808
nerakar.duckdns.org:1877
3YeYWvX7BQIk
delay: 3
install: true
install_file: chroma.exe
install_folder: %AppData%
Targets
Target: ameerclient.exe
Size: 48KB
- Detect ZGRat V1
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE