General

  • Target

    df41bbafd2c6b4c964d26370a6c1afca.bin

  • Size

    486KB

  • Sample

    241021-yn3ezsverl

  • MD5

    61c76918868182b15baf2fbd63e0d2da

  • SHA1

    c6c03905f01e85e8a7bfe6c80beed7409d987823

  • SHA256

    ec1801ff79dcf59dfaf2a22c69769a9482edbe46847d9944f27105b2634e9807

  • SHA512

    499c7d0c1aa9d1e3f54954df051374e2d61af586a36eafa0198da6a0c9eab855db6792842e0afdd71f80ff189ad1b912cdeb9909be7c1edf69f311b1695f250b

  • SSDEEP

    12288:fpBqaB830hQAgMQijpgh4Jhr0Y5AfV+1OUSCSzRnG3/erTAGRPWEP:fpQw830hJQmTPoEs8aTAGRuEP

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

zaragoza.ddns.net:5480

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    fwqoouQWEGr.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PG03360126-ES6378027-GH093773S68-56372227.exe

    • Size

      1003KB

    • MD5

      b44079d5d3715e31a4dd4c13ad899fd4

    • SHA1

      9fbcddfebfd05586a7b31703e4ad110c066078eb

    • SHA256

      06b9d622ecd26a0f75180459d60b4b1554d173f20b81c59b63c7b920fb0d03d8

    • SHA512

      92890be215c9591cab70b27b0bad722a6b272b4689b4a893c81092b3fae67923ca7ca8f624958b05feae9998e5544c43d2b80d1cccd7c69a1275dd6b0f7bddb2

    • SSDEEP

      24576:gAHnh+eWsN3skA4RV1Hom2KXMmHa3Asa74d3xM95:Xh+ZkldoPK8Ya3AT8VxW

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
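The indicators above (C2 host and port, mutex, install file and folder, and the file hashes of the parent executable and the dropped payload) are what a responder would sweep endpoint telemetry for. The following is an added example, not part of the sandbox report and not code from the AsyncRAT project: a small stateful matcher in Python run over constructed Sysmon-style event lines. The indicator values are copied from the report; the event lines, the user profile path, the IP addresses and the EventID=100 mutex record are constructed for illustration (Sysmon itself does not log mutex creation, so that record stands in for an EDR event). It expands %AppData% to the \AppData\Roaming path from the config and, because a connection event rarely carries a hostname, remembers what the C2 name resolved to so that a later connection to that address on port 5480 is attributed to the C2.

```python
import re

# Indicator values copied from the extracted configuration and hashes in the report above.
C2_HOST = "zaragoza.ddns.net"
C2_PORT = 5480
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FILE = "fwqoouQWEGr.exe"  # install_file, dropped into install_folder %AppData%
KNOWN_SHA256 = {
    "06b9d622ecd26a0f75180459d60b4b1554d173f20b81c59b63c7b920fb0d03d8":
        "PG03360126-ES6378027-GH093773S68-56372227.exe",
    "ec1801ff79dcf59dfaf2a22c69769a9482edbe46847d9944f27105b2634e9807":
        "df41bbafd2c6b4c964d26370a6c1afca.bin",
}

# %AppData% expands to <profile>\AppData\Roaming, so match the install file there
# regardless of drive letter or user name.
INSTALL_PATH_RE = re.compile(
    r"\\AppData\\Roaming\\" + re.escape(INSTALL_FILE) + r"(?![\w.])", re.IGNORECASE
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")
SHA256_RE = re.compile(r"SHA256=([0-9a-fA-F]{64})")

# Constructed Sysmon-style events (Key=Value pairs, values contain no spaces).
# EventID 1 = process create, 11 = file create, 22 = DNS query, 3 = network connect;
# EventID 100 is an invented EDR-style mutex record. Paths and IPs are made up.
SAMPLE_LOGS = [
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\PG03360126-ES6378027-GH093773S68-56372227.exe "
    "Hashes=SHA256=06b9d622ecd26a0f75180459d60b4b1554d173f20b81c59b63c7b920fb0d03d8",
    "EventID=11 Image=C:\\Users\\victim\\Downloads\\PG03360126-ES6378027-GH093773S68-56372227.exe "
    "TargetFilename=C:\\Users\\victim\\AppData\\Roaming\\fwqoouQWEGr.exe",
    "EventID=22 Image=C:\\Users\\victim\\AppData\\Roaming\\fwqoouQWEGr.exe "
    "QueryName=zaragoza.ddns.net QueryResults=203.0.113.10;",
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Roaming\\fwqoouQWEGr.exe "
    "DestinationIp=203.0.113.10 DestinationPort=5480",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=198.51.100.7 DestinationPort=443",
    "EventID=100 Image=C:\\Users\\victim\\AppData\\Roaming\\fwqoouQWEGr.exe "
    "MutexName=\\Sessions\\1\\BaseNamedObjects\\AsyncMutex_6SI8OkPnk",
]


def parse_event(line):
    """Split one 'Key=Value Key=Value' event line into a dict."""
    return dict(FIELD_RE.findall(line))


def scan(lines):
    """Walk events in order and return [(line_number, [indicator names])] for every hit.

    Addresses the C2 hostname resolved to are remembered so that a later connection
    event, which carries only an IP, can still be attributed to the C2.
    """
    resolved = set()
    findings = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        hits = []

        # Install path: the process image or a file it writes under %AppData%.
        path = ev.get("Image", "") + "|" + ev.get("TargetFilename", "")
        if INSTALL_PATH_RE.search(path):
            hits.append("install_path")

        # DNS lookup of the C2 name; record the answers for later connection events.
        if ev.get("QueryName", "").lower() == C2_HOST:
            hits.append("c2_dns")
            resolved.update(ip for ip in ev.get("QueryResults", "").split(";") if ip)

        # Connection to the C2 port, by hostname if present, otherwise by a resolved IP.
        if ev.get("DestinationPort") == str(C2_PORT) and (
            ev.get("DestinationHostname", "").lower() == C2_HOST
            or ev.get("DestinationIp", "") in resolved
        ):
            hits.append("c2_connect")

        # Known file hashes from the report.
        m = SHA256_RE.search(ev.get("Hashes", ""))
        if m and m.group(1).lower() in KNOWN_SHA256:
            hits.append("known_hash:" + KNOWN_SHA256[m.group(1).lower()])

        # Mutex name as extracted from the config (object directory prefix stripped).
        if ev.get("MutexName", "").endswith(MUTEX):
            hits.append("mutex")

        if hits:
            findings.append((n, hits))
    return findings


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOGS):
        print(f"event {lineno}: {', '.join(hits)}")
```

The port alone is deliberately not treated as an indicator: 5480 on its own is too weak, so a connection is only flagged when the hostname or a previously resolved address ties it back to zaragoza.ddns.net. Feeding real Sysmon exports requires only adjusting parse_event to the export format; the indicator checks stay the same.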

MITRE ATT&CK Enterprise v15

Tasks