General

  • Target

    2024-10-23_23a61b4bc52eec16ca175f89130152d1_mafia_rhadamanthys

  • Size

    2.4MB

  • Sample

    241023-ljz3vavbrj

  • MD5

    23a61b4bc52eec16ca175f89130152d1

  • SHA1

    84288eae6068327c204ad0852e1b103b72e81be7

  • SHA256

    2cdb36a2a38a7704e0cf4b0064efa30e5abfbd5b67db1f9cdeb4f2dc74d220fe

  • SHA512

    4c8171914e995d1b757e71e9ed7d1f03212489374a5d37d2d28f721d90b3bde3406c20ac19dbeb15f8b0740390ff65dc7509ff3e3ba7aba9c93784f8b66fd3db

  • SSDEEP

    49152:eED+oJ67eQD9rSl3thuDZzjz4YVwH12jVcf:eY+nGudzjz4Ylj6f

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

OCT-21_NEW

C2

puerto4000.duckdns.org:4000

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      2024-10-23_23a61b4bc52eec16ca175f89130152d1_mafia_rhadamanthys

    • Size

      2.4MB

    • MD5

      23a61b4bc52eec16ca175f89130152d1

    • SHA1

      84288eae6068327c204ad0852e1b103b72e81be7

    • SHA256

      2cdb36a2a38a7704e0cf4b0064efa30e5abfbd5b67db1f9cdeb4f2dc74d220fe

    • SHA512

      4c8171914e995d1b757e71e9ed7d1f03212489374a5d37d2d28f721d90b3bde3406c20ac19dbeb15f8b0740390ff65dc7509ff3e3ba7aba9c93784f8b66fd3db

    • SSDEEP

      49152:eED+oJ67eQD9rSl3thuDZzjz4YVwH12jVcf:eY+nGudzjz4Ylj6f

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
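The extracted config and the two behaviour signatures above give a small, concrete indicator set for this sample: the C2 host and port, the mutex, the Run-key persistence, and the file hashes. The following is an added hunting example, not part of the Triage report and not the sample's own code: it takes those indicators and runs them over a few constructed telemetry lines (the `type|key=value;...` log format, the process IDs, paths and the second dynamic-DNS host are all made up for illustration; the dynamic-DNS suffix list is an assumption, not something the report states).

```python
"""Hunt the indicators from this report in constructed endpoint telemetry.

Added example, not part of the Triage report. The log lines below are
constructed for illustration; only the indicator constants come from the page.
"""
import re

# Indicators taken from the extracted config, signatures and hashes above.
C2_HOST = "puerto4000.duckdns.org"
C2_PORT = 4000
MUTEX = "DcRatMutex_qwqdanchun"
SAMPLE_SHA256 = "2cdb36a2a38a7704e0cf4b0064efa30e5abfbd5b67db1f9cdeb4f2dc74d220fe"
# "Adds Run key to start application": match any ...\CurrentVersion\Run key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\b", re.IGNORECASE)
# Dynamic-DNS providers frequently used for RAT C2 (assumption: illustrative list).
DYNDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net")

# Constructed sample telemetry (assumed "type|key=value;..." format, not real captures).
SAMPLE_LOGS = """\
netconn|pid=4120;image=C:\\Users\\v\\AppData\\Roaming\\svchost.exe;dst=puerto4000.duckdns.org:4000
netconn|pid=880;image=C:\\Windows\\System32\\svchost.exe;dst=update.microsoft.com:443
netconn|pid=5000;image=C:\\Users\\v\\Downloads\\setup.exe;dst=other-host.duckdns.org:8080
mutex|pid=4120;name=DcRatMutex_qwqdanchun
mutex|pid=1200;name=Local\\MSCTF.Asm.MutexDefault1
registry|pid=4120;key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run;value=svchost;data=C:\\Users\\v\\AppData\\Roaming\\svchost.exe
filehash|pid=4120;image=C:\\Users\\v\\AppData\\Roaming\\svchost.exe;sha256=2cdb36a2a38a7704e0cf4b0064efa30e5abfbd5b67db1f9cdeb4f2dc74d220fe
"""


def parse_line(line):
    """Split 'kind|k=v;k=v' into (kind, {k: v})."""
    kind, _, rest = line.partition("|")
    fields = {}
    for kv in rest.split(";"):
        key, _, value = kv.partition("=")
        fields[key] = value
    return kind, fields


def check(kind, f):
    """Return the name of the matched indicator for one event, or None."""
    if kind == "netconn":
        host, _, port = f.get("dst", "").rpartition(":")
        host = host.lower()
        if host == C2_HOST and port == str(C2_PORT):
            return "c2_exact"          # campaign-specific, high confidence
        if host.endswith(DYNDNS_SUFFIXES):
            return "dyndns_host"       # weak: many benign uses of dynamic DNS
    elif kind == "mutex" and f.get("name") == MUTEX:
        return "mutex"
    elif kind == "registry" and RUN_KEY_RE.search(f.get("key", "")):
        return "run_key"               # weak on its own: Run keys are common
    elif kind == "filehash" and f.get("sha256", "").lower() == SAMPLE_SHA256:
        return "sha256"
    return None


def hunt(log_text):
    """Map each pid to the set of indicator names its events matched."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        kind, f = parse_line(line)
        name = check(kind, f)
        if name:
            hits.setdefault(int(f["pid"]), set()).add(name)
    return hits


STRONG = {"c2_exact", "sha256", "mutex"}


def verdict(hits):
    """Tier each pid: a strong indicator confirms, weak ones only raise suspicion."""
    return {pid: ("confirmed" if names & STRONG else "suspicious")
            for pid, names in hits.items()}


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS)
    for pid, tier in sorted(verdict(found).items()):
        print(f"pid {pid}: {tier} ({', '.join(sorted(found[pid]))})")
```

The tiering matters for triage. The C2 `host:port` and the SHA-256 are specific to this campaign. The mutex `DcRatMutex_qwqdanchun` is the default mutex of DcRat, an AsyncRAT fork by the author using that handle, so a mutex hit identifies the family rather than this particular build; the Run-key and dynamic-DNS checks are generic and are only reported as "suspicious" unless a strong indicator from the same process accompanies them.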

MITRE ATT&CK Enterprise v15

Tasks