General

  • Target

    02c81fd64990d84926c9af666d2fbe8a211a5381ab9193991ac76842db6d9f2d_NeikiAnalytics.exe

  • Size

    62KB

  • Sample

    240630-kfas4sydmp

  • MD5

    09e3d7f7cf1bd55abfbb5dc449d11240

  • SHA1

    19455e10349f367fc8041d0bd35ece8ab53235e4

  • SHA256

    02c81fd64990d84926c9af666d2fbe8a211a5381ab9193991ac76842db6d9f2d

  • SHA512

    fdc542b1f251b82dcaf735486d760ecd13259a3440eb79937d45bba0af0a0e5e8c8003315d7c4613408773d0924080023ae274ab1ddb8b3b5517fb1a3cda31f1

  • SSDEEP

    1536:SZOPH9F4s1THE6HjpeeCglUGbbXwACbCg7JGbtpqKmY7:SZOPH9F4sBHLj8ep+GbbX2bCgG2z

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.0.1

Botnet

Default

C2

47.242.70.176:8848

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    true

  • install_file

    Client Server Runtime Process.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      02c81fd64990d84926c9af666d2fbe8a211a5381ab9193991ac76842db6d9f2d_NeikiAnalytics.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
