General

  • Target

    2024-10-21_e24883b5ffe0aa95187331675aac64bf_mafia_rhadamanthys

  • Size

    2.4MB

  • Sample

    241021-2mppaashpn

  • MD5

    e24883b5ffe0aa95187331675aac64bf

  • SHA1

    2fb5c2df26733ddfe8a7d7da7169dc1d67765062

  • SHA256

    2ea9c996b35dd756d4aa0339f35f384ecdb34a171fd4e72327deec56ecae346d

  • SHA512

    6326e6c29e733d0533e3b6b17bdcc62535e0839f2488063498ada43214ffaffba59f3f0196ef10282077009bb279e147e554bfe92daf3cb484c6d4d60dbfd9f1

  • SSDEEP

    49152:voJ67eQD9rSllthuDZzjz4YVwPoIP6C1wGtaZXLVlOx9epr+P5Cbpf00DCc+FX7H:vngudzjz4YfIPz

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    1.0.7

  • Botnet

    21 OCTUBRE

  • C2

    esteseslunesdio.duckdns.org:2248

  • Mutex

    DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets


    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks