General
Target: SolaraB2.1.exe
Size: 913KB
Sample: 240710-mpl9lsvemc
MD5: db39b0a64d84df3f0b7caf332ffd2046
SHA1: 7d8d8f7a71974768c9e8d97e55ae1ffef976839e
SHA256: 4b2c10c568576e5c5c28924c9b97c7a4043c305659d09414ba81c292b129398f
SHA512: e51e5939efe4f1799043fd9af4612b3443a59431237c36406675a7fae436936b735b940c77c0359e54edff4d59c2fcb9166819cf651ad7ef8100294e34269c58
SSDEEP: 12288:m4D70cl1mzgHpbzEu8AgpQojA1j855xU9pHIRxSNN:me5/mzgH385QojA1j855xSHI
Static task
static1
Malware Config
Extracted
asyncrat
1.0.7
Default
iraq-global.gl.at.ply.gg:3816
KsnES@kNaa
delay: 1
install: false
install_folder: %AppData%
Targets
Target: SolaraB2.1.exe
Async RAT payload
Executes dropped EXE
Loads dropped DLL
Blocklisted process makes network request
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.