General

  • Target

    spoofer-unlink.exe

  • Size

    63KB

  • Sample

    240627-tv1shssaln

  • MD5

    49a5f1932378fabb00711adf84d5582d

  • SHA1

    1006e995a77d51759c8f58c901e4a3556a4a2170

  • SHA256

    4ea1569208dbd652ec6bef2f841e17f82b708110edbfbb853961d35c364a7108

  • SHA512

    08d4c7ee8935b9ee2c0cd74f1dd49bc6ef58c7ff62fdd1a91b73fa0c157fc28d903a3c70f467ba6f979cc49bb4b959bef67669056998597311f25da96c0c7b61

  • SSDEEP

    1536:feQPcLwiTUz5mYUb7v9aLfBlHG0uwdpqKmY7:feDcmUMYUb7oBIyGz

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

0.tcp.eu.ngrok.io13746:13746

Attributes
  • delay

    1

  • install

    true

  • install_file

    spoofer.exe

  • install_folder

    %AppData%

aes.plain

Targets

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE
