General

  • Target

    2024-05-30_4be3faf962aeccdded46157b294bf623_asyncrat_icedid

  • Size

    1.9MB

  • Sample

    240530-l31tgsdg4z

  • MD5

    4be3faf962aeccdded46157b294bf623

  • SHA1

    77a83c8abc77e5d093412d6bbc21dff52d94e3ca

  • SHA256

    39a150550c203ceed145c316398651e550941e0364510b5a1534bed963eaa739

  • SHA512

    91ea0cb2cfb2a28429cce867626098895f12dd60f41c9b88d7b69cb24a2bc7e1899d45654aee29fa4344a584ffeb23cc02118d4b97f52beafc80b7cb2a6516ff

  • SSDEEP

    24576:23eHKTm2k57CY4r3XQ8hxMqhKcMxcqqaxA05THmAQpwjzXdsjfb1WS8bPzIV8nwe:2c5GY4r3TVKcMqa1tGvUsVWS8bPW8wkX

Score
10/10

Malware Config

Extracted

  • Family

    asyncrat

  • Botnet

    Default

  • C2

    allay.x3322.net:5050

  • Mutex

    gnrfjlujxmukjuvrs

Attributes
  • delay

    1

  • install

    true

  • install_file

    WriteFile.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-05-30_4be3faf962aeccdded46157b294bf623_asyncrat_icedid

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Detects executables attempting to enumerate video devices using WMI

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks