General

  • Target

    495897a0e9d55bbd06884df8b9b7c15d9c398e825538d7a235cbfb7d75d4b99e

  • Size

    3.6MB

  • Sample

    241025-271x2sxdjk

  • MD5

    81225dda9225995e9c584c9984119238

  • SHA1

    7f468d190e9a34db1357bdbe19911c0a8d427d3c

  • SHA256

    495897a0e9d55bbd06884df8b9b7c15d9c398e825538d7a235cbfb7d75d4b99e

  • SHA512

    59aaa60ceb8ec54c94d1affbe39a307713c3959601ec2d53884424308d553b296b4ae093b9c7222c38e5e006d1acac15a3e1b2239d7e42f09a7bca0d3909f304

  • SSDEEP

    49152:QWGtLBcXqxKT/msWkU0lcaX4YGamMZVE1s1bA4gK2nCR6SVb8kq4pgquLMMji4NR:UtLusqgwh4NYxtJpkxhGf333iHota

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

BLAS-25-LLEGADERA-PAINT

C2

puerto4001.duckdns.org:4001

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      495897a0e9d55bbd06884df8b9b7c15d9c398e825538d7a235cbfb7d75d4b99e

    • Size

      3.6MB

    • MD5

      81225dda9225995e9c584c9984119238

    • SHA1

      7f468d190e9a34db1357bdbe19911c0a8d427d3c

    • SHA256

      495897a0e9d55bbd06884df8b9b7c15d9c398e825538d7a235cbfb7d75d4b99e

    • SHA512

      59aaa60ceb8ec54c94d1affbe39a307713c3959601ec2d53884424308d553b296b4ae093b9c7222c38e5e006d1acac15a3e1b2239d7e42f09a7bca0d3909f304

    • SSDEEP

      49152:QWGtLBcXqxKT/msWkU0lcaX4YGamMZVE1s1bA4gK2nCR6SVb8kq4pgquLMMji4NR:UtLusqgwh4NYxtJpkxhGf333iHota

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
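The extracted configuration (C2 host and port, mutex, %AppData% install folder) together with the two behavioural signatures above (Run key persistence, SetThreadContext) are what a responder would hunt for on other hosts. The following is an added example, not part of the sandbox report: a small Python matcher that applies those indicators to a constructed key=value telemetry format. Only the indicator values are taken from the report; the log format, process IDs, paths and registry value names are assumptions made for the illustration. Note that the config reports install=false while the sandbox still observed a Run key being added, so the persistence check is written as a generic behaviour match (a Run entry whose target sits under the configured install folder) rather than as an exact value, and SetThreadContext is only flagged when the target is another process.

```python
import re
from dataclasses import dataclass

# Indicators copied from the report: extracted config (C2, mutex, install folder),
# the sample hash, and the two behavioural signatures (Run key, SetThreadContext).
C2_HOST = "puerto4001.duckdns.org"
C2_PORT = 4001
MUTEX = "DcRatMutex_qwqdanchun"
SAMPLE_SHA256 = "495897a0e9d55bbd06884df8b9b7c15d9c398e825538d7a235cbfb7d75d4b99e"
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.I)   # where %AppData% expands
DYNDNS_RE = re.compile(r"(^|\.)duckdns\.org$", re.I)     # the C2's dynamic-DNS provider


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str   # which indicator or behaviour matched
    weight: int      # 3 = sample-specific IOC, 2 = behaviour, 1 = weak contextual signal
    detail: str


def parse_event(line):
    """Parse one 'key=value key=value' line of the constructed telemetry format."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_event(line_no, ev):
    """Return the Hit for one parsed event, or None if nothing in it matches."""
    kind = ev.get("type")
    if kind == "dns":
        q = ev.get("query", "").rstrip(".").lower()
        if q == C2_HOST:
            return Hit(line_no, "c2_domain", 3, q)
        if DYNDNS_RE.search(q):
            return Hit(line_no, "dynamic_dns", 1, q)
    elif kind == "net":
        host = ev.get("dst_host", "").lower()
        port = int(ev.get("dst_port", "0"))
        if host == C2_HOST and port == C2_PORT:
            return Hit(line_no, "c2_endpoint", 3, f"{host}:{port}")
    elif kind == "mutex":
        if ev.get("name") == MUTEX:
            return Hit(line_no, "mutex", 3, MUTEX)
    elif kind == "file":
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            return Hit(line_no, "sample_hash", 3, ev.get("path", ""))
    elif kind == "reg":
        key, value = ev.get("key", ""), ev.get("value", "")
        # Persistence: a Run entry whose target lives under the configured install folder.
        if ev.get("op") == "set" and RUN_KEY_RE.search(key) and APPDATA_RE.search(value):
            return Hit(line_no, "run_key_appdata", 2, f"{key} -> {value}")
    elif kind == "api":
        # SetThreadContext on another process is the injection/hollowing pattern;
        # on the caller's own threads it is ordinary (debuggers, exception handling).
        if ev.get("name") == "SetThreadContext" and ev.get("pid") != ev.get("target_pid"):
            return Hit(line_no, "set_thread_context", 2,
                       f"pid {ev.get('pid')} -> pid {ev.get('target_pid')}")
    return None


def scan(lines):
    """Run every telemetry line through the matcher and collect the hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = match_event(n, parse_event(line))
        if hit:
            hits.append(hit)
    return hits


def verdict(hits):
    """One sample-specific IOC, or two behaviours together, is a match; a weak signal alone is review."""
    score = sum(h.weight for h in hits)
    if any(h.weight == 3 for h in hits) or score >= 4:
        return "match"
    return "review" if score else "clean"


# Constructed telemetry, not taken from the sandbox run; PIDs, paths and value names are made up.
SAMPLE_LOG = r"""
type=dns query=updates.example.com
type=dns query=puerto4001.duckdns.org
type=net dst_host=puerto4001.duckdns.org dst_port=4001 proto=tcp
type=mutex name=DcRatMutex_qwqdanchun
type=reg op=set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater value=C:\Users\u\AppData\Roaming\Updater.exe
type=reg op=set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater value=C:\ProgramData\Vendor\Updater.exe
type=api name=SetThreadContext pid=1234 target_pid=5678
type=api name=SetThreadContext pid=1234 target_pid=1234
type=dns query=other-host.duckdns.org
""".strip().splitlines()


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.indicator} (weight {h.weight}) {h.detail}")
    print("verdict:", verdict(found))
```

Exact values (C2 host:port, mutex, hash) are scored high because they are specific to this sample; the DuckDNS and Run-key rules are deliberately weaker, since dynamic DNS and Run entries under %AppData% also occur in legitimate software, and a hit on only those should go to an analyst rather than straight to an alert.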

MITRE ATT&CK Enterprise v15

Tasks