General

  • Target

    Infected.exe

  • Size

    63KB

  • Sample

    241029-z36xdsyngt

  • MD5

    a7c26ab151b92030caf4749465e4f44b

  • SHA1

    c85036b807097092cacb73e8556147a8c39ae8d0

  • SHA256

    c8cbfb3c5fd7fd536d8ea745d41eeae0703567ecd76e26702ff536119fa57ff8

  • SHA512

    6d0f3da13bb66f8786ca56b85baa779ade9b2009d03839acee89a6688bfb31bb811fe0d85c9509ee2b21b262c4599db257aa19f0a932ba7e46a5ab0ceb462069

  • SSDEEP

    768:t9H1Fn3n9P78zQC8A+XvSazcBRL5JTk1+T4KSBGHmDbD/ph0oXtTDdQhESugdpqM:DX9x0dSJYUbdh9tXCBugdpqKmY7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes
  • delay

    1

  • install

    true

  • install_file

    AnarchyRat.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Infected.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
