General

  • Target

    ee09886f3c9784ae22fb2bd12351783814550e3c0eccd7a164bdacc5e148f3a8.7z

  • Size

    944KB

  • Sample

    241021-v9hqxs1hll

  • MD5

    9c1c556e36f4ddb4e4d6062cf6d9491f

  • SHA1

    13ef0a4eefa7c6465e18d25c05501532cc9be2e6

  • SHA256

    e8b6b4d0c39106418efaef9c506a6f070c0a1db5cf076449daa344012c37611f

  • SHA512

    621aeaa724e1192e82c629d893283c2b7426118e9a406e3e781d5443b90ebb0452619010012a5f2f537f7f29fbd0dfd98ec106da02d06df7c74f90219c2dcd71

  • SSDEEP

    12288:B7dpJ9gUtywFnlg4EB3XX8gnav3gucJnAo2P70kjqY3ZuWw0ZfJJeD59dWhZklDY:5LgEoDBX8+hnA3JwwhJOmXOzA

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

Botnet

PRUEBA

C2

comienza.ddnsking.com:7707

Mutex

uuooxuxbnkywum

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ee09886f3c9784ae22fb2bd12351783814550e3c0eccd7a164bdacc5e148f3a8

    • Size

      995KB

    • MD5

      bef9c223661b9fd330a9bca18ca4f31a

    • SHA1

      75b6e9ff522515616ac70389d9027e10c3908dff

    • SHA256

      ee09886f3c9784ae22fb2bd12351783814550e3c0eccd7a164bdacc5e148f3a8

    • SHA512

      91593de6ccf9b8684c0100991e0c445e86cacb20ee45976258fe8e2ec869ab58b938b3025e0917b934c10ef0c91c32a8a0dac7910798c1a2253b42d840c27648

    • SSDEEP

      24576:/CC0++MPRYYJRMaE6kKP9uI0omzuncxXjlupL1aRfX:XRYIRML6TT0RzuncxIpal

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks