General

  • Target

    2024-05-31_6b3eb8da9f60c431005ead6a739e6f4a_megazord

  • Size

    3.9MB

  • Sample

    240531-bllywsae54

  • MD5

    6b3eb8da9f60c431005ead6a739e6f4a

  • SHA1

    efd48593dc24cfd2e01fc35f2bc0c40fdb4211ed

  • SHA256

    c27ce7e1c51bc329a5b628607decd994606bd816eb3c43987c8be68a52fff5d8

  • SHA512

    f67df32420033402a8bee083bc2f6c3cf56689df802dc7715e7b3e0adf8d8d043d1fee7d3549a0c19808dcb2cb43f55283b54a90f15dc74c9dbee5de288b133f

  • SSDEEP

    49152:N4dRnLKzYDdG6JC0bXDRi7FuaWeKYPUgOWUoEqXJ+KGxA1f6lrkdMDYQ:Ngkd9c/KGhydMDY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

2.0.0

Botnet

Default

C2

webwhatsapp.cc:65503

Mutex

ShiningForceRatMutex_cs_cs_cs

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-05-31_6b3eb8da9f60c431005ead6a739e6f4a_megazord

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables containing the string DcRatBy

    • Suspicious use of SetThreadContext
