General

  • Target

    2877b836a3bad1cc424de7cc2163ca15

  • Size

    26.0MB

  • Sample

    240718-y54pdavbnp

  • MD5

    2877b836a3bad1cc424de7cc2163ca15

  • SHA1

    dc90457ed659c7fc10335fa88cb1721c9dbff997

  • SHA256

    8e761990bd71d47cdb207f1492a9e4ade71ad95c1eaed69a3826e9ee5b74306a

  • SHA512

    36ec4916eb446233c65f37094756af10b4929296e8159022138eca11033ac1325fdc44087206c5bc82207873a0cec9523fc3315164637b268ef9fd07697e1523

  • SSDEEP

    24576:zJjNdtJBrygcVrMvUePvW1O6fNHqJJoMw8clJop3EQ3gOsvS3fvFc:LJpaVrMvUePvWg6tCowLgO8svF

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

17-Julio

C2

dashboard.dynuddns.com:22077

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2877b836a3bad1cc424de7cc2163ca15

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
