General

  • Target

    44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706

  • Size

    47KB

  • Sample

    240628-2vpdgsxdrj

  • MD5

    4a56c6e517888a3524999e18e6d7740b

  • SHA1

    3781d9472264ca9af471cdc80ffc87c34134c112

  • SHA256

    44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706

  • SHA512

    0b7c6c0f82b19b20632d8a8d8c93a772f175acc0bf1c9ff1a57f5e731f739806b98663f824a7ec07843cad2fe69376bba57967587a86e5dfe4dc890df334ba4e

  • SSDEEP

    768:Euzkx3FTkYwt9y4gWUOlKnjamo2q8ayby6FXbWPI8rQ9Hyfw+0bF3HFZBzUccTUW:EuS3FTHHe2Gy+6Z78rQ9HGWbF3T9U5+Q

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

Mutex

0UfuvIZfaBv8

Attributes
  • delay

    3

  • install

    true

  • install_file

    api.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/aDAYnLv4

aes.plain

Targets

    • Target

      44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706

    • Size

      47KB

    • MD5

      4a56c6e517888a3524999e18e6d7740b

    • SHA1

      3781d9472264ca9af471cdc80ffc87c34134c112

    • SHA256

      44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706

    • SHA512

      0b7c6c0f82b19b20632d8a8d8c93a772f175acc0bf1c9ff1a57f5e731f739806b98663f824a7ec07843cad2fe69376bba57967587a86e5dfe4dc890df334ba4e

    • SSDEEP

      768:Euzkx3FTkYwt9y4gWUOlKnjamo2q8ayby6FXbWPI8rQ9Hyfw+0bF3HFZBzUccTUW:EuS3FTHHe2Gy+6Z78rQ9HGWbF3T9U5+Q

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks