General

  • Target

    xMainDab1.rar

  • Size

    28KB

  • Sample

    240714-3hpn6axdpk

  • MD5

    7711ef6982aad3537bbb2ad306dffee2

  • SHA1

    da3e21b6964e61829b10fb4b53680827f2fdb1cc

  • SHA256

    e2025b1f07285cf7a6cb0dbcd05933db631202a3af5af06719548f01ba2fe73f

  • SHA512

    39c413b512b3809a79d27e118ebaddd2a50cc679b5a38c1166e24ecdc66b2d853c3868d8ce98fcb05d99f32d9e9dbd3af23131f2b825d7cac30bdc4e16147aca

  • SSDEEP

    768:BiMXBSYAZLEVkN/VNbfc5NcyEnShO6oqtu+/V18mbI:BRXBoZLrNfTmTeeZu+/m

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

anyone-blogging.gl.at.ply.gg:22284

Attributes
  • delay

    1

  • install

    true

  • install_file

    Windows.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Install.cmd

    • Size

      407B

    • MD5

      d605e519c8fb10ecc49055af63c0f213

    • SHA1

      a69b61879040aa541258035461260159ea51369a

    • SHA256

      1452be84cfc1ea5aee5db2011fe8e2a5b72ff2fe637b77696d720734f58eac89

    • SHA512

      304e8825d0afa6f7235859bb2083d728510d48806b06214225978592e8c4f8d065e1bcf3ca9eb39d4312b762a83e1054237d11cecbb3347ef4868bb4574b0e2b

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Loader.exe

    • Size

      63KB

    • MD5

      004ba87604ac07c77d161b96bfd97a34

    • SHA1

      8f089b87f831946c617af9702ba79d20ddaf7394

    • SHA256

      bfbef5852faa1e2de88f380c620af93eb08114363c1d72d74d5809e7ff70f881

    • SHA512

      322a6fc44d0390ad55a7bf0cfe268814e00df2e757a8088d11d7addd9d2b089e4c62d4c955f2272b7ec50033e68a59f72778912cbae125e01c5b74c1b2909b8a

    • SSDEEP

      768:Cuw6LVcsTPq781wC8A+Xjapeyr61urX1+T4uoSBGHmDbDTph0oXzkKhbSuEdpqKX:LeQPcUn0tYUbJh9zkw+uEdpqKmY7

    • Score

      10/10

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks