General

  • Target

    c9866af2cb943cbe5f4d971518d30ec93e686e8d8e31345fe0e923c0ec121603.exe

  • Size

    2.6MB

  • Sample

    240711-dftsnaxfmg

  • MD5

    dd007b6a486b6336cea0c9c2dfd307ca

  • SHA1

    f9d1987deb32ae3b244ba8b281d3c75ea149979d

  • SHA256

    c9866af2cb943cbe5f4d971518d30ec93e686e8d8e31345fe0e923c0ec121603

  • SHA512

    210e997ec4e5b8c64539b19052e694fea48415f1100d0f1d2dae418f5a6e7ec032f9e328dbb7af6b299614b402b9ebc6720a256a3c058b177a830b78783a7dd4

  • SSDEEP

    49152:CHV9arGDFfPHRi63T+reNM7I2BnJGQ2sqmsSql2ESrB6jPF:CHkGNPxT6r08p32m9G7SmF

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

ZZZ6

C2

andresarbosa2003.con-ip.com:4040

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
AYB8ooM3Klci2ktfKGQedqJwD7L1Buj6

Targets

    • Target

      c9866af2cb943cbe5f4d971518d30ec93e686e8d8e31345fe0e923c0ec121603.exe

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
