General

  • Target

    file-ly5.bat

  • Size

    604B

  • Sample

    241029-3f9xba1je1

  • MD5

    a382e3f085e005edb9c5ea215109bb9b

  • SHA1

    e7454672385b823bd0e26eaaf092aa9f04607429

  • SHA256

    5b60f3dc0e0e96085cdddb8d8135eede32ccc9f0981996261a8cf27d4be2dbfb

  • SHA512

    bee9a075e2acb3c47c24590e0b98a0949d5b7d6a86f017b0290304413bbac3b25e89ea8549a0be4fdfb88604ce6d950a151b3cd3370b71aefa9fbce3273a87ee

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://u.to/nBL7IA

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:43655

excellent-waiver.gl.at.ply.gg:43655

tcp://gg123213123sadas-38622.portmap.host:43655

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      file-ly5.bat

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks