Resubmissions

  • 25-06-2024 00:47  240625-a5p9zsvbkr  Score 10

  • 25-06-2024 00:44  240625-a3hgcsvajr  Score 10

General

  • Target

    RobloxPlayerInstaller (5).exe

  • Size

    176KB

  • Sample

    240625-a3hgcsvajr

  • MD5

    b0c9e6677fecf10fc3f0ce262a1ad331

  • SHA1

    d45c158a7685f37b0aa862c7fa898ec9cedf02c3

  • SHA256

    bfe077d8ac72747c71c4983541bfb6b776799512b375eed68821f2e39bd175a7

  • SHA512

    d0f53afcfdaf5732a135b2f86de15bf10a400432d65203529f326976415f0d0ab42b63b062037217dfafa456a367d043a16db67a82f8798adaf492f6d659d2ed

  • SSDEEP

    3072:MRq9GPmn8jbK55fWgQoq/FfmDo7VHkkkkkkkkkkkkkkkkkakkRkkAjiAL+dU6VD6:voPA8jbEl5idPxHkkkkkkkkkkkkkkkkT

Score
10/10

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    Default

  • C2

    127.0.0.1:80
    127.0.0.1:21434
    mcdonaldsincorp-21434.portmap.host:80
    mcdonaldsincorp-21434.portmap.host:21434

  • Mutex

    DcRatMutex_qwqdanchun

  • Attributes

      • delay

        1

      • install

        true

      • install_file

        RobloxPlayerBeta.exe

      • install_folder

        %AppData%

  • aes.plain

Targets

    • Target

      RobloxPlayerInstaller (5).exe

    Score
    10/10

    • AsyncRat

      AsyncRAT is a remote access trojan, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

  • Persistence

    Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

  • Discovery

    System Information Discovery (T1082): 1
    Query Registry (T1012): 1

Tasks