Resubmissions

30-06-2024 17:11

240630-vqqbna1dle 10

30-06-2024 16:54

240630-ve1m9athqp 10

General

  • Target

    North.exe

  • Size

    1.0MB

  • Sample

    240630-ve1m9athqp

  • MD5

    3a3c4b29b5b5f763a2bb1f886f2d673a

  • SHA1

    8c7654be0c885bb839586fb878188eab83ac4e98

  • SHA256

    1bbb3bbcb68a435284cf1508b246e1766a1cb42cd89f60ea546824421b01e712

  • SHA512

    64e3892c9ddbe762b50e1209b94405788d5a6ec805a495a2ad90f80fc0d7ddf782fe8940f6c1387911de14942d1fa662257db4e7831117ba60d68672c16b6b3c

  • SSDEEP

    24576:Nk70TrcPzxFUTvUDMFShuyOb7h3skqSZ9ey9ma/3uuJGcPfpsSC:NkQTAPzoT8GSE7B3emcqXJ3PRs7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

newsvchost

C2

amazonshipping.duckdns.org:3311

Mutex

87gygyfg7o8g7fgayasuufsadgusdfgh

Attributes
  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      North.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks