General

  • Target

    Silent.Crypto.Miner.Builder.rar

  • Size

    81.8MB

  • Sample

    240627-tnjwes1gjn

  • MD5

    933d0f5124ce80145887ac1fa70cce22

  • SHA1

    0d18410b44a306620faa6e80ab2a1f3b454638e8

  • SHA256

    2d892e65432b58585112e78deec5750652a25249dd4f56e0fd6d47fe7804baf1

  • SHA512

    62ce1274e2ff0cf808d291ed8db92c17bcd1b1eb5caac4573a7c9cda1b88fa85958711f3f4a6f3df3092184a049dca0bd7a7d58f536e8772fddfd934ccdb99b6

  • SSDEEP

    1572864:Fd61wTAxnsyiOtrAqunqBZqx6ikncQTw5EH+tjkx6SR0thS3eb7Dt:FFTUnsHOhTPU6iknFOk+tjkx6RthOeXB

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    AsyncRAT

  • Botnet

    unam

  • C2

    windowsignn.theworkpc.com:6606

  • Mutex

    AsyncMutex_5552

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Silent.Crypto.Miner.Builder.rar

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Executes dropped EXE

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks