General

  • Target: f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11.exe
  • Size: 1.1MB
  • Sample: 240619-cafhea1hqa
  • MD5: 935fa2bdf4a8b2b9d71c1e87dfda27ef
  • SHA1: 468fea59efdd1e52aebd17edd6185d472a311f7e
  • SHA256: f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11
  • SHA512: 74434c0a88589083d9087158ec3fb75921e4715bb61654ef4688fe936d3677a3224451be9140087596c01d1ccc6054064791ad2307a84e7b9bf221b36e0def36
  • SSDEEP: 24576:xcvYPuAT6+Feyf8h8zwGhKL8bzh2God0Tae3sHPFMses6n:xZP1VFeyftzdhKLsQdle3svFM

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat
  • Botnet: Default
  • C2:
    127.0.0.1:7771
    127.0.0.1:39377
    doffuovouvvufoz97964d-39377.portmap.host:7771
    doffuovouvvufoz97964d-39377.portmap.host:39377
  • Attributes:
    delay: 1
    install: true
    install_file: lulz.exe
    install_folder: %AppData%
  • aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables containing the string DcRatBy

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

Execution
  • Scheduled Task/Job (T1053): 1
  • Scheduled Task (T1053.005): 1

Persistence
  • Scheduled Task/Job (T1053): 1
  • Scheduled Task (T1053.005): 1

Privilege Escalation
  • Scheduled Task/Job (T1053): 1
  • Scheduled Task (T1053.005): 1

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks