General

  • Target

    d95d86d3dfa00faeb72ade358523e4b111479f8aa93a8ed32a6944f2b9de5772

  • Size

    486KB

  • Sample

    241021-yn6gmsverr

  • MD5

    df41bbafd2c6b4c964d26370a6c1afca

  • SHA1

    892ca50a7b6f4c791cf7f0576f990a17de3dfa15

  • SHA256

    d95d86d3dfa00faeb72ade358523e4b111479f8aa93a8ed32a6944f2b9de5772

  • SHA512

    7d86bf6ce4feaa9815ea4a31c8dfe74f72aefb97e4064ebfb7f0505cf21ab2830051b43ca662f4432ef40a0e97162b212dd459909c489fbc4ad754be12fa1888

  • SSDEEP

    12288:IAWO66F7o80mzyfHeVoEqHEjTDYNkCyLl6J+qJ9:IAi6F7o8Nc+SYTDYkJ6J+s

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

zaragoza.ddns.net:5480

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    fwqoouQWEGr.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PG03360126-ES6378027-GH093773S68-56372227.exe

    • Size

      1003KB

    • MD5

      b44079d5d3715e31a4dd4c13ad899fd4

    • SHA1

      9fbcddfebfd05586a7b31703e4ad110c066078eb

    • SHA256

      06b9d622ecd26a0f75180459d60b4b1554d173f20b81c59b63c7b920fb0d03d8

    • SHA512

      92890be215c9591cab70b27b0bad722a6b272b4689b4a893c81092b3fae67923ca7ca8f624958b05feae9998e5544c43d2b80d1cccd7c69a1275dd6b0f7bddb2

    • SSDEEP

      24576:gAHnh+eWsN3skA4RV1Hom2KXMmHa3Asa74d3xM95:Xh+ZkldoPK8Ya3AT8VxW

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks