General

  • Target

    9D1E589EA8C4B3C59D3FB46AFA940DA5.exe

  • Size

    238KB

  • Sample

    241026-h6m51syqdl

  • MD5

    9d1e589ea8c4b3c59d3fb46afa940da5

  • SHA1

    817bf841284e0279d15cb27f73a0939344dfb811

  • SHA256

    9164f89ff66d0726e661c46dbafabf82c477a61b6d9a231170fd26910997c8ed

  • SHA512

    a7db38a58cf9580c987fe6c3293dc279a67458850862d86d0cc60fb7c9213bf92311be2a8ac44ae055fd24619df8f76d33f32835a254d386e4e53e2602d63ac2

  • SSDEEP

    3072:/Yzwrq5J9SwHMFF9Kw/kxLk42s/8Y31/Yvi9GA54IkMwP5gMTmmsolNIrRuw+mqM:A9zHMFF9KxLp8YFgvwmZrTmDAN

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

54.253.7.109:4447

Mutex

XqcNee3124zJ

Attributes
  • delay

    21

  • install

    true

  • install_file

    service.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      9D1E589EA8C4B3C59D3FB46AFA940DA5.exe

    • Size

      238KB

    • MD5

      9d1e589ea8c4b3c59d3fb46afa940da5

    • SHA1

      817bf841284e0279d15cb27f73a0939344dfb811

    • SHA256

      9164f89ff66d0726e661c46dbafabf82c477a61b6d9a231170fd26910997c8ed

    • SHA512

      a7db38a58cf9580c987fe6c3293dc279a67458850862d86d0cc60fb7c9213bf92311be2a8ac44ae055fd24619df8f76d33f32835a254d386e4e53e2602d63ac2

    • SSDEEP

      3072:/Yzwrq5J9SwHMFF9Kw/kxLk42s/8Y31/Yvi9GA54IkMwP5gMTmmsolNIrRuw+mqM:A9zHMFF9KxLp8YFgvwmZrTmDAN

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks