General

  • Target

    AsyncClient.exe

  • Size

    45KB

  • Sample

    240630-x9eqdawhjj

  • MD5

    2d6030914d86c50990e0c5c9694564e1

  • SHA1

    61a60c1d5912607e0324225a8ef57fcf6dc5d16f

  • SHA256

    4acd98781c77dc8b97fd5c7cee3d92cf48cb5262c1e118d5aa709959e410aa7f

  • SHA512

    f2c70d0ae837343fe77de7082a0d562ea88496b0bbb1197ccae841c26924c33cb00ab0ad050b1022fca166d64abbc12673a4a73007a751ed7738e50911ea3a62

  • SSDEEP

    768:mu/dRTUo0HQbWUnmjSmo2qMwKjPGaG6PIyzjbFgX3ihRUwEhNGeBDZyx:mu/dRTUPE2kKTkDy3bCXS0L75dyx

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

2.tcp.ngrok.io:7777

2.tcp.ngrok.io:13109

Mutex

dW8XbmjCtqQS

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      AsyncClient.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Legitimate hosting services abused for malware hosting/C2
