General

  • Target

    d3ee71a515d5d2e0cebe77b424085ed2185c0008857eaa62680d125828e30961

  • Size

    2.2MB

  • Sample

    240514-s4l52sdc65

  • MD5

    1786c2303cfe0c8ee33bfbd782fd87b0

  • SHA1

    4c23ed0c7efd03a814d33c470e4baa4cd7a73f59

  • SHA256

    d3ee71a515d5d2e0cebe77b424085ed2185c0008857eaa62680d125828e30961

  • SHA512

    17cc9c7259811e1ad9024d75cced0d1665256cff141432215c30291076f5f7dc5350c5155565c0c2644f809b4758c36a4f4811c3a8411b9f52df0bcd787d264e

  • SSDEEP

    49152:zZJsYUJaVYwRP2JmqxhZw1DGuQB4nAHsuzMCujKVn8sNMQmpVnsYVMv2Aib:zZJ1k40mGnWDGptNwCpn8s2TsYj/b

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

5512.sytes.net:6606

5512.sytes.net:7707

5512.sytes.net:8808

95.211.208.153:6606

95.211.208.153:7707

95.211.208.153:8808

Mutex

Llg9a02PERRO

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      369be61aca46750085c842147909f80c8f938555071adeaceac6727bfcf74186.exe

    • Size

      2.3MB

    • MD5

      a717a432c558f56c46709d6d3ec9837f

    • SHA1

      ceda052be2519383085089a41c422ce2b1400a46

    • SHA256

      369be61aca46750085c842147909f80c8f938555071adeaceac6727bfcf74186

    • SHA512

      e859810a198b8b946581ed6197b1154856e736687dd593d383dc952a3afd597ed6b5a631a8e6b2228a425b809b772457e6e10e0ca6f68cd8f0a8cc637a81132c

    • SSDEEP

      49152:T+GJaXbo4IKA2WN4M63n4dHzCJYU6Mm4/4w2RAObR8XlZrzyiko:TboxWN4UHzCJYCmX5w1ZXyik

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks