General

  • Target

    Report.ps1

  • Size

    151KB

  • Sample

    240628-kbelhazdje

  • MD5

    054618073752ea5823c98130114a3241

  • SHA1

    fa0b6774ce03cd7d58d8ae6e35c3af7ab5a31e0a

  • SHA256

    bb3f2ff46e9dae66cf62c6e7606a66d02b65abc8dac96e96acd554ebf6fd40ad

  • SHA512

    a4f8c512f1a453a0ee106076111ca085d1d584c7cbae9343c253297f637d40114a2c412ead91761be9f8dbbd3f6c092ca47bb3aa7837fe0e5e34d0a959a4ab79

  • SSDEEP

    1536:seS5tcblb19Uctb+Kl0yhfes/bapbXEX2SgDQHWGjKdAqNvRKIPQryxWB9C7Dsi+:PSTI9UcZ3n39C7Dsi3br3ApuL4QzC

Malware Config

Extracted

Family

asyncrat

Version

A9

Botnet

Default

C2

services-line2.freeddns.org:5500

Mutex

AsyncMutex_6SI8OkSKO

Attributes

  • delay

    3

  • install

    false

  • install_file

    ShellExperienceHost.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks