General

  • Target

    8670471253cd842fa0a0afe38749d6c0N.exe

  • Size

    4.5MB

  • Sample

    240715-fj7vss1gqe

  • MD5

    8670471253cd842fa0a0afe38749d6c0

  • SHA1

    c9b2075a0984ceb3c961c2bb6534a606a0891ad9

  • SHA256

    cd98f4893c2034931017624abd750ff706fd80559500e1f5ddaca4103ab32d42

  • SHA512

    ea1d2bf2437c31331cb916526126f2607d634872f9c429d1faf15fba8fb361070c9c3268d0c6fdfd7623af01e8ef8aaeda88aaaf3c665cc3c4a973bba7da57aa

  • SSDEEP

    98304:IlMjkLSPPtL5u2/ZRkKsRmdcCZIa3FM+1ajfSEJsWOV1w98gdpTmH+my:VYEPt1uwRWm3Ia3FM+1amEalc8SpTM+/

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    107.175.101.134:6606

    107.175.101.134:7707

    107.175.101.134:8808

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    WinUpdate2.4.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      8670471253cd842fa0a0afe38749d6c0N.exe

    • Size

      4.5MB

    • MD5

      8670471253cd842fa0a0afe38749d6c0

    • SHA1

      c9b2075a0984ceb3c961c2bb6534a606a0891ad9

    • SHA256

      cd98f4893c2034931017624abd750ff706fd80559500e1f5ddaca4103ab32d42

    • SHA512

      ea1d2bf2437c31331cb916526126f2607d634872f9c429d1faf15fba8fb361070c9c3268d0c6fdfd7623af01e8ef8aaeda88aaaf3c665cc3c4a973bba7da57aa

    • SSDEEP

      98304:IlMjkLSPPtL5u2/ZRkKsRmdcCZIa3FM+1ajfSEJsWOV1w98gdpTmH+my:VYEPt1uwRWm3Ia3FM+1amEalc8SpTM+/

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
