General

  • Target

    update.cmd

  • Size

    91KB

  • Sample

    240523-t4jklahd73

  • MD5

    981e0374ab07b58ea53823122fe91be7

  • SHA1

    a162c8fac692cf34db330384f577f017fa003751

  • SHA256

    56b65c0c1e134f20968c3027a527f27722c11de4512460eabf0002e95e593e0d

  • SHA512

    edb3d2b49fd93462e12f6b67a9c476fdc4c085e684f127b110802d15545f2d62531239992fc21c07e2716a287da17b1efeaa150deb902c17bf59461be52a1043

  • SSDEEP

    1536:W0Lad++Lr2vjYZRs6LTKZLZLNcUYv20oARdg59+AMlreZ3lVcJLhRMDTaPi2+YpA:VWsaLmZCtC9+plrS1VwLrME+Y6

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    dhhj.duckdns.org:8797

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

MITRE ATT&CK Enterprise v15

Tasks