General

  • Target

    RobloxPlayerInstallerdc.exe

  • Size

    52KB

  • Sample

    240623-l52hssyaqc

  • MD5

    d1d4f10601fe63fd37d4bc3ba4d7ca7b

  • SHA1

    f37fc02608c96ac28fcb92bb45956992893cffd9

  • SHA256

    fe46aa3a0602d0d8bdd78d48f1a8ea6f0fca79717d2752a32dd9832eada9ac77

  • SHA512

    751f6720cffb91f3e47d51f060fa68e4ac5b44b425ef3a102efe1c26d66d49c872ffbb5e0ff58c56d7428e990f2e2b8aa35f2d092edcad0f86f904a6b94f8619

  • SSDEEP

    768:V9umxLiIL1CaS+DiMtelDSN+iV08YbygegFMKvmvEgK/JsR9e7OVc6KN:V9uAPWMtKDs4zb15FMImnkJs70OVclN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:80

127.0.0.1:26181

lolimaginerattin24-26181.portmap.host:8848

lolimaginerattin24-26181.portmap.host:80

lolimaginerattin24-26181.portmap.host:26181

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.
