General

  • Target

    ae26ace2f3bcb3c94a3a8af4a6684da129aa08d73c18a5311d7491d006b20042.exe

  • Size

    497KB

  • Sample

    241022-b75m5azdkc

  • MD5

    8d664129af173ed945236efb82d4ad67

  • SHA1

    7e0f8f79786ebbeb561171032ea65fcfcd6db437

  • SHA256

    ae26ace2f3bcb3c94a3a8af4a6684da129aa08d73c18a5311d7491d006b20042

  • SHA512

    a0217bf3c09b55b56a2b1d2e520406c920ebe9397e0b8054810244be5c01674695615f90c180ae17b3797886a0829744a576b98adde24b8523b681b8b4bcc1ba

  • SSDEEP

    12288:9dSkhMOoltiJWCjRPuUW8FmGevNPJWBG9ythzO40BUhq:DSkh5oDiJhuUdyPJWBGYthzOBBJ

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

COKE

C2

quin.ydns.eu:1962

Mutex

8xLI57IVXCDFxeWa@

Attributes
  • delay

    3

  • install

    true

  • install_file

    windowsBook.exe

  • install_folder

    %Temp%

aes.plain
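The extracted configuration above carries the values a responder pivots on: the C2 host and port, the mutex name, and the install file and folder. The following is an added Python example, not part of the sandbox report, that turns those values into matching logic and runs it over a few constructed, Sysmon-style telemetry events (the event schema, field names and sample events are assumptions; only the indicator values come from the report). It generalizes the %Temp% install folder to both the per-user and the system temp directory, since which one the RAT lands in depends on the account it runs under.

```python
"""Match the AsyncRAT indicators from the extracted config against endpoint
telemetry. Added example; the event format and sample events are constructed."""
import re

# Indicators copied from the extracted config in the report above.
C2_HOST = "quin.ydns.eu"
C2_PORT = 1962
MUTEX = "8xLI57IVXCDFxeWa@"
INSTALL_FOLDER = "%Temp%"
INSTALL_FILE = "windowsBook.exe"

# Regex fragments for where a config placeholder expands on disk. The user
# name is unknown, and %Temp% resolves to C:\Windows\Temp when the RAT runs
# as SYSTEM, so both locations are covered. (Only %Temp% appears on the page.)
FOLDER_PATTERNS = {
    "%temp%": r"[a-z]:\\(?:users\\[^\\]+\\appdata\\local|windows)\\temp",
}


def install_path_regex(folder, filename):
    """Compile a case-insensitive regex for the full install path."""
    prefix = FOLDER_PATTERNS[folder.lower()]
    return re.compile("^" + prefix + r"\\" + re.escape(filename) + "$",
                      re.IGNORECASE)


INSTALL_RE = install_path_regex(INSTALL_FOLDER, INSTALL_FILE)


def match_event(event):
    """Return the list of indicator names an event matches (empty if none)."""
    reasons = []
    if INSTALL_RE.match(event.get("image", "")):
        reasons.append("install_path")
    if event["type"] == "network_connect":
        if event.get("dest_host", "").lower() == C2_HOST:
            reasons.append("c2_host")
            # Host alone is a weaker signal on a dynamic-DNS domain; the
            # configured port makes it the RAT's own endpoint.
            if event.get("dest_port") == C2_PORT:
                reasons.append("c2_port")
    if event["type"] == "mutex_create":
        # Kernel object names carry a session prefix; compare the basename.
        name = event.get("mutex", "").rsplit("\\", 1)[-1]
        if name == MUTEX:
            reasons.append("mutex")
    return reasons


def scan(events):
    """Map event id -> matched indicators for every event that hit."""
    hits = {}
    for event in events:
        reasons = match_event(event)
        if reasons:
            hits[event["id"]] = reasons
    return hits


# Constructed sample telemetry (assumption: a Sysmon-like schema plus a
# mutex-creation event as an EDR or ETW source would supply it).
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create",
     "image": r"C:\Users\alice\AppData\Local\Temp\windowsBook.exe",
     "parent": r"C:\Users\alice\Downloads\invoice.exe"},
    {"id": 2, "type": "network_connect",
     "image": r"C:\Users\alice\AppData\Local\Temp\windowsBook.exe",
     "dest_host": "quin.ydns.eu", "dest_port": 1962},
    {"id": 3, "type": "mutex_create",
     "image": r"C:\Users\alice\AppData\Local\Temp\windowsBook.exe",
     "mutex": r"\Sessions\1\BaseNamedObjects\8xLI57IVXCDFxeWa@"},
    {"id": 4, "type": "process_create",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 5, "type": "network_connect",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "quin.ydns.eu", "dest_port": 443},
    {"id": 6, "type": "process_create",
     "image": r"C:\Windows\Temp\windowsbook.exe",
     "parent": r"C:\Windows\System32\services.exe"},
]

if __name__ == "__main__":
    for event_id, reasons in scan(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(reasons)}")
```

Event 5 illustrates why the port is tracked separately: a connection to the same dynamic-DNS host on a different port is worth a look but is not the configured C2 endpoint, so it matches only `c2_host`. Event 6 shows the SYSTEM-context variant of the install path matching despite the lowercase filename.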

Targets

    • Target

      ae26ace2f3bcb3c94a3a8af4a6684da129aa08d73c18a5311d7491d006b20042.exe

    • Size

      497KB

    • MD5

      8d664129af173ed945236efb82d4ad67

    • SHA1

      7e0f8f79786ebbeb561171032ea65fcfcd6db437

    • SHA256

      ae26ace2f3bcb3c94a3a8af4a6684da129aa08d73c18a5311d7491d006b20042

    • SHA512

      a0217bf3c09b55b56a2b1d2e520406c920ebe9397e0b8054810244be5c01674695615f90c180ae17b3797886a0829744a576b98adde24b8523b681b8b4bcc1ba

    • SSDEEP

      12288:9dSkhMOoltiJWCjRPuUW8FmGevNPJWBG9ythzO40BUhq:DSkh5oDiJhuUdyPJWBGYthzOBBJ

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks