General

  • Target

    dotnet.bat

  • Size

    62KB

  • Sample

    240627-12dpwstdnh

  • MD5

    3dfb1c3ff09dc31a4096b821b9ff204b

  • SHA1

    8604c300175bf352b7612412c6521064a2514674

  • SHA256

    a6a1b599988d0dddc226b2c2a3780426d84fcccb29de54076f3171131b84560b

  • SHA512

    895cfb222d6b20b9761188531a3ba45df6f7f799aaf760c14c2de4892947a124c35bcd66e20e98cf62bd4c635c46fc5f8ab6d8c7207a081d98b2b8b31a47e172

  • SSDEEP

    1536:nOTyT0nIr49koWVZVCud2f7vXJiEOlVnpw0APKNjO4mdFqQjHQp+XuHdd:OmTGZ0aPIEapexSNjO4mdFqQjHQp+Xun

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

WinExplOMG

C2

stormx.dynu.net:77

Mutex

winexpomg

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      dotnet.bat

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.
