General
-
Target
56b65c0c1e134f20968c3027a527f27722c11de4512460eabf0002e95e593e0d.cmd
-
Size
91KB
-
Sample
240524-bn55jsgb78
-
MD5
981e0374ab07b58ea53823122fe91be7
-
SHA1
a162c8fac692cf34db330384f577f017fa003751
-
SHA256
56b65c0c1e134f20968c3027a527f27722c11de4512460eabf0002e95e593e0d
-
SHA512
edb3d2b49fd93462e12f6b67a9c476fdc4c085e684f127b110802d15545f2d62531239992fc21c07e2716a287da17b1efeaa150deb902c17bf59461be52a1043
-
SSDEEP
1536:W0Lad++Lr2vjYZRs6LTKZLZLNcUYv20oARdg59+AMlreZ3lVcJLhRMDTaPi2+YpA:VWsaLmZCtC9+plrS1VwLrME+Y6
Malware Config
Extracted
asyncrat
0.5.7B
Default
dhhj.duckdns.org:8797
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
56b65c0c1e134f20968c3027a527f27722c11de4512460eabf0002e95e593e0d.cmd
-
Size
91KB
-
MD5
981e0374ab07b58ea53823122fe91be7
-
SHA1
a162c8fac692cf34db330384f577f017fa003751
-
SHA256
56b65c0c1e134f20968c3027a527f27722c11de4512460eabf0002e95e593e0d
-
SHA512
edb3d2b49fd93462e12f6b67a9c476fdc4c085e684f127b110802d15545f2d62531239992fc21c07e2716a287da17b1efeaa150deb902c17bf59461be52a1043
-
SSDEEP
1536:W0Lad++Lr2vjYZRs6LTKZLZLNcUYv20oARdg59+AMlreZ3lVcJLhRMDTaPi2+YpA:VWsaLmZCtC9+plrS1VwLrME+Y6
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Async RAT payload
-
Detects file containing reversed ASEP Autorun registry keys
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-