General

  • Target

    start.exe

  • Size

    63KB

  • Sample

    240522-jh493agf2z

  • MD5

    c1ade258f05c512e98ebc4d9d1165f8a

  • SHA1

    acf20f6a7dc7841ae06f801b887289fdc99e0488

  • SHA256

    447eae52ab1979405497866c72df7ec0703085ad6946ab0127f612b1518f8759

  • SHA512

    5b652e0ef6293d7baeb7e9d8b79322ec65e98d748e1df492099fa6692d0bbc78f032df68e7028a28af06b5c27394456159351a6469fdaf777e6eb98609331076

  • SSDEEP

    1536:SaKFoNbEkySYKumUYFOy5biAPY0JG4aRjnl7RUr+TG5x:SawoNbEkAKumUYFD5biF0JejxSsCx

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Exodus_Market

C2

leetboy.dynuddns.net:1339

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    svchos.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      start.exe

    • Size

      63KB

    • MD5

      c1ade258f05c512e98ebc4d9d1165f8a

    • SHA1

      acf20f6a7dc7841ae06f801b887289fdc99e0488

    • SHA256

      447eae52ab1979405497866c72df7ec0703085ad6946ab0127f612b1518f8759

    • SHA512

      5b652e0ef6293d7baeb7e9d8b79322ec65e98d748e1df492099fa6692d0bbc78f032df68e7028a28af06b5c27394456159351a6469fdaf777e6eb98609331076

    • SSDEEP

      1536:SaKFoNbEkySYKumUYFOy5biAPY0JG4aRjnl7RUr+TG5x:SawoNbEkAKumUYFD5biF0JejxSsCx

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks