General

  • Target

    cab2ada39e0f2598b71fcc7285104fd686395c9c38dc4a307d0fb104578a04a1

  • Size

    48KB

  • Sample

    241026-dk835swmgq

  • MD5

    89e08f42736cac8b697ffda76d4f2d73

  • SHA1

    f51cfed16178cb0baeb89a3e86a3d0d4c663d70e

  • SHA256

    cab2ada39e0f2598b71fcc7285104fd686395c9c38dc4a307d0fb104578a04a1

  • SHA512

    d8d073e467a54b2556015702d49af91c68f0febf2d61247f9a9c54e9ebcaa7099446f99a3c70349e4a629a46dba2796bdc78f54e9a692166cd11bd8cf43dd69d

  • SSDEEP

    768:quqJ1TUo0+Q4WUmmjSmo2qMk9h1qpzm/kPI5V5YDZeU0bL28s189HX6PEW/haoyp:quqJ1TU2e2yam/J5V5Y8bL25UHKceHdM

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

37.112.34.178:1070

Mutex

gnRQgC1xq8fz

Attributes
  • delay

    3

  • install

    true

  • install_file

    MoUsoCoreWorker.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      cab2ada39e0f2598b71fcc7285104fd686395c9c38dc4a307d0fb104578a04a1

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
