General

  • Target

    las.cmd

  • Size

    72KB

  • Sample

    240523-t7bddshd4z

  • MD5

    4bfe57ca78dd1ac468e92a2307783552

  • SHA1

    73966e6a19ba6f1ea47002ddcbc42d5ac6434b22

  • SHA256

    3e0590e42affae14f003fe2686abb8bd9be6e2fb48f7160779d0dc0c03cdfeee

  • SHA512

    21a0071708eaeead1ebf0cb96ab39955b6ced797c0b9e25005c5c8ae4659f2ef842de42572f15fa02eb91df82eb5ba82b1b0d06d09d908d835f039f23fca4572

  • SSDEEP

    1536:W4s6PYSYp0q0tIlQ2baGAIbsIpcEj/Bi81w2yfmfV2fymv:46PHY2glQ2nAIQUcY91Fj2fyi

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

hjdsasync.duckdns.org:8797

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      las.cmd

    • Size

      72KB

    • MD5

      4bfe57ca78dd1ac468e92a2307783552

    • SHA1

      73966e6a19ba6f1ea47002ddcbc42d5ac6434b22

    • SHA256

      3e0590e42affae14f003fe2686abb8bd9be6e2fb48f7160779d0dc0c03cdfeee

    • SHA512

      21a0071708eaeead1ebf0cb96ab39955b6ced797c0b9e25005c5c8ae4659f2ef842de42572f15fa02eb91df82eb5ba82b1b0d06d09d908d835f039f23fca4572

    • SSDEEP

      1536:W4s6PYSYp0q0tIlQ2baGAIbsIpcEj/Bi81w2yfmfV2fymv:46PHY2glQ2nAIQUcY91Fj2fyi

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks