General

  • Target

    build.exe

  • Size

    3.5MB

  • Sample

    241030-ss225awdqe

  • MD5

    c9d5e28ae4638f8db2e112ec80158d0a

  • SHA1

    e5e5aa59eadf80c9725ca26ee95e3af214c7146d

  • SHA256

    1099a5fc3d5bd8c7250a34b90eecc9d53db92d7659e1f13440a84a4ee6380a83

  • SHA512

    16208beef3beefd449840c19945ebdee8fe60e57aa188e7f5bb793550c4d8afbef1f0395f75942a852cf9abe35d25b5ef530a3640b67c26f247a023b92d94329

  • SSDEEP

    49152:WLJwSihjOb6GLb4SKEs3DyOMCSt0+yO3A32AS+Tv+mNwgDF/Jg58d3DV7n0wsPlo:SwSi0b67zeCSt0+yO3kSat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

25 OCTUBRE

C2

diosestasiempre.duckdns.org:2247

Mutex

estees

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      build.exe

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
