General

  • Target

    Infected.exe

  • Size

    63KB

  • Sample

    240630-sea2gszcjh

  • MD5

    ec264d38c731406574c516403c8216f9

  • SHA1

    46ee5910bb1ddce81d60423f368414e1fd0a4d69

  • SHA256

    1e64cff6d6002cf26905231e74eb9cb6150385e7f05c8eb1cfc2fc59062be89b

  • SHA512

    ca7174f217e4737db208254f4c8fb0c6ddf112ecfb39b7c84d8732f6201d5bed28f72ffc17b5014d7e76d4b989ca13ca738a2e1d9f45386d2043e4c3a77d7797

  • SSDEEP

    768:C2N0YjNUzTHC78dQC8A+XzGazcBRL5JTk1+T4KSBGHmDbD/ph0oX0JdT3vWSu8dP:UYmHssdSJYUbdh96dpu8dpqKmY7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

Ratrat2-50148.portmap.host:50148

Attributes
  • delay

    2

  • install

    true

  • install_file

    Alg.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Infected.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
