Resubmissions

24-06-2024 20:32

240624-zbry6a1hpf 10

04-01-2024 19:56

240104-yn1amaaeg4 10

General

  • Target

    NoSkillCC_Temp.exe

  • Size

    297KB

  • Sample

    240624-zbry6a1hpf

  • MD5

    94af49da910c1e7f6ecea26e5f0c400e

  • SHA1

    2090d0904749d1b7920f8c07e72b48b93781c28a

  • SHA256

    227a542a8b48d63e4f0ef00fe8c62d352db0587d58b293a50823cf89645ee66a

  • SHA512

    e587e88accd2fabfcb823dfcfbb4649b8dc21366bafc2dc9d1a99cf35087159c6ee697afee6fcaa00075344897edd6c67d086624322e05209045e4abc0abae33

  • SSDEEP

    6144:tJt4TzCtQW7zWMf5SjbFj3YoZZ0fmBDpBjRp605GRgrMsK:p4ABf56lD+fwvRp605GRy

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

147.185.221.16:4040

127.0.0.1:4040

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

testdamahe.duckdns.org:8848

Mutex

aghahgiuaehgiueahiguahieghahgiahgiaehgiueaghaiug

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      NoSkillCC_Temp.exe

    • Size

      297KB

    • MD5

      94af49da910c1e7f6ecea26e5f0c400e

    • SHA1

      2090d0904749d1b7920f8c07e72b48b93781c28a

    • SHA256

      227a542a8b48d63e4f0ef00fe8c62d352db0587d58b293a50823cf89645ee66a

    • SHA512

      e587e88accd2fabfcb823dfcfbb4649b8dc21366bafc2dc9d1a99cf35087159c6ee697afee6fcaa00075344897edd6c67d086624322e05209045e4abc0abae33

    • SSDEEP

      6144:tJt4TzCtQW7zWMf5SjbFj3YoZZ0fmBDpBjRp605GRgrMsK:p4ABf56lD+fwvRp605GRy

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks