General

  • Target

    27062024_1338_ItsComedy.exe

  • Size

    855KB

  • Sample

    240628-xn7h9sscqp

  • MD5

    b5b386647759950985f508aa63904683

  • SHA1

    50db7da719c52cf6d44cf278b4583cf3d61f2457

  • SHA256

    76c26de3a458e5cc615fb37d0b6481a1260e6b62cc7e801a45210693f381ece7

  • SHA512

    733edd9bc4dc601df93cbc1a892e50cbca61deb9745000d897fde60cc78b2fbd35e9776cb5568f4fd4d4f658dc7e90a317685f72460f36f202b0d87474e6896e

  • SSDEEP

    24576:7EANp7iAwn4qhDEwsGcrqFx1minZyTQSr8xbbt:cAwnDq2n7PxV

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit by Vinom Rat

Botnet

Default

C2

williamskim.ddnsfree.com:6666

williamskim.ddnsfree.com:7777

williamskim.ddnsfree.com:8888

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
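The extracted config above gives a small, high-confidence IOC set: one DDNS C2 host on three ports and a fixed mutex name. The following Python is an added example for this report (not sandbox tooling and not AsyncRAT code) that scans a constructed trace of host and network events for those values. The C2 host, ports and mutex are the values printed above; the event shape, the sample events and the registry key path used for the location check are assumptions.

```python
"""Match host/network telemetry against the IOCs from the extracted AsyncRAT config.

Added example for this report; not tooling from the sandbox or from AsyncRAT.
C2_HOST, C2_PORTS and MUTEX are the values in the config section above.
The event format, the sample trace and GEO_NATION_KEY are assumptions.
"""
from dataclasses import dataclass

C2_HOST = "williamskim.ddnsfree.com"
C2_PORTS = frozenset({6666, 7777, 8888})
MUTEX = "AsyncMutex_6SI8OkPnk"
# Assumption: the "Checks computer location settings" behaviour reads this key.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"


@dataclass
class Hit:
    rule: str
    event_index: int
    detail: str


def scan_events(events):
    """Return a list of Hit for events matching the extracted config.

    Events are plain dicts with a 'type' key: 'dns', 'connect', 'mutex' or
    'registry'. Answers for a DNS lookup of the C2 host are remembered so that
    a later connection to that raw IP on a C2 port is still attributed to the
    C2, which is how the beacon looks in flow data that carries no hostname.
    A C2 port alone, with an IP never resolved from the C2 host, is not a hit.
    """
    hits = []
    c2_ips = set()
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "dns":
            if ev.get("query", "").lower().rstrip(".") == C2_HOST:
                c2_ips.update(ev.get("answers", []))
                hits.append(Hit("c2_dns_lookup", i, ev["query"]))
        elif kind == "connect":
            port = int(ev.get("dst_port", 0))
            host = ev.get("dst_host", "").lower()
            ip = ev.get("dst_ip", "")
            if port in C2_PORTS and (host == C2_HOST or ip in c2_ips):
                hits.append(Hit("c2_connection", i, f"{ip or host}:{port}"))
        elif kind == "mutex":
            if ev.get("name") == MUTEX:
                hits.append(Hit("asyncrat_mutex", i, ev["name"]))
        elif kind == "registry":
            if ev.get("key", "").lower() == GEO_NATION_KEY.lower():
                hits.append(Hit("geo_nation_lookup", i, ev["key"]))
    return hits


# Constructed sample trace (not from the report). The 443 connection, the
# unrelated mutex and the last entry are there to show the rules stay quiet.
SAMPLE_EVENTS = [
    {"type": "registry", "key": r"HKCU\Control Panel\International\Geo\Nation", "value": "244"},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"type": "mutex", "name": r"Local\SomeOtherApp"},
    {"type": "dns", "query": "williamskim.ddnsfree.com", "answers": ["203.0.113.7"]},
    {"type": "connect", "dst_ip": "203.0.113.7", "dst_port": 6666},
    {"type": "connect", "dst_ip": "203.0.113.7", "dst_port": 7777},
    {"type": "connect", "dst_ip": "93.184.216.34", "dst_port": 443},
    {"type": "connect", "dst_ip": "198.51.100.9", "dst_port": 8888},  # C2 port, unknown IP
]

if __name__ == "__main__":
    for h in scan_events(SAMPLE_EVENTS):
        print(f"event[{h.event_index}] {h.rule}: {h.detail}")
```

Running it over the sample trace yields five hits: the Geo\Nation read, the mutex, the DNS lookup and the two connections on 6666 and 7777; the 8888 connection to an address the C2 host never resolved to is deliberately left unreported, since DDNS hosts change address and a bare port is too weak a signal on its own.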

Targets

    • Target

      27062024_1338_ItsComedy.exe (size and hashes as listed under General above)

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created through NtCreateUserProcess with an explicitly chosen parent process, the technique behind parent-PID spoofing; the real creator does not show up as the parent in process-tree views.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
