General

  • Target: b5b386647759950985f508aa63904683.bin
  • Size: 836KB
  • Sample: 240630-d31jqatbrg
  • MD5: d0cf26a49c160e19c9ad99ccac4f2c67
  • SHA1: 2a2e7f0e7defc063c82a3c7ee9f928c6f2bbd173
  • SHA256: 18c92a5a74b5ff7276b21a35f83f691e9647d05c0db237127605f020585aca29
  • SHA512: d9214d355b4aa856a0ed69a2d8031ab6186c32254e8bfd5caf8d8b01e00c4773a45a1703f7ff75b0fcda9eea75cfcc96e91f8f4a2ad977637509c8f70ca8f719
  • SSDEEP: 12288:AtKHx3gRsaC5Hu0I0ANBf/ZvHCheRh8/8LLjwmGdZXdFb87Fn1heT8rX/oactkUI:mOCxvisQELkmmVdB8d0i/1ctkUrU1f

Score
10/10

Malware Config

Extracted

  • Family: asyncrat
  • Version: | Edit by Vinom Rat
  • Botnet: Default
  • C2:
    williamskim.ddnsfree.com:6666
    williamskim.ddnsfree.com:7777
    williamskim.ddnsfree.com:8888
  • Mutex: AsyncMutex_6SI8OkPnk
  • Attributes
    • delay: 3
    • install: false
    • install_folder: %AppData%
  • aes.plain

Targets

    • Target: 76c26de3a458e5cc615fb37d0b6481a1260e6b62cc7e801a45210693f381ece7.exe
    • Size: 855KB
    • MD5: b5b386647759950985f508aa63904683
    • SHA1: 50db7da719c52cf6d44cf278b4583cf3d61f2457
    • SHA256: 76c26de3a458e5cc615fb37d0b6481a1260e6b62cc7e801a45210693f381ece7
    • SHA512: 733edd9bc4dc601df93cbc1a892e50cbca61deb9745000d897fde60cc78b2fbd35e9776cb5568f4fd4d4f658dc7e90a317685f72460f36f202b0d87474e6896e
    • SSDEEP: 24576:7EANp7iAwn4qhDEwsGcrqFx1minZyTQSr8xbbt:cAwnDq2n7PxV

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks