General

  • Target

    De4dot [Modded ArmDot].rar.zip

  • Size

    1.6MB

  • Sample

    240809-njmhvszeml

  • MD5

    65eac0d399f8d77cdd49c0fe9be0d3ef

  • SHA1

    3dbf25c4f491318b4434a6d38535fa3ca238a3e4

  • SHA256

    36af16f1951a6edc1cbcd5a15c4bc1a68b2ce829a632e5ff2f37cf2167eac659

  • SHA512

    9f351feb4ba5aa897d2e697b0b7d6426591d3671761ae557e2ad3f2f6fd4dc9a7c351fae6de12cd18702bf16527887c03e57200f329f85f3f08596f8690192b8

  • SSDEEP

    49152:4JxKaBzsLRFbwBulRxN/1hvztB0WDoSzSohNP4Kp7odiw3iBTqt:4JxKaR+R5BUmrLNoUw2ut

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    5.0.5

  • Botnet

    D4Dot

  • C2

    154.61.75.91:4449

Attributes
  • delay

    1

  • install

    true

  • install_file

    D4dot.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      De4dot [Modded ArmDot].rar

    • Size

      1.6MB

    • MD5

      342e5985f616e188d6c8e36646c64afa

    • SHA1

      5a63d72d930d84099132e26191d7744ebc59eebb

    • SHA256

      e78ca92972b835e979464db8ace1c68f41091a442caff0009076155c8fefe285

    • SHA512

      eafb9b599cf8a4fc4f598745a0c21e9358560fcfac4d6e32674bc7cdd1e391d11a831fe0519005c767071a030fc55fae71f45373406d150a3923164553c994c1

    • SSDEEP

      49152:sC+xacTJtRU+AkF97tPnq+xacTJtRU+A9yVKn2IuA/:OJ2wD7t/J2M83uG

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks