General

  • Target

    Krishna33.exe

  • Size

    97KB

  • Sample

    241031-vg4gxssalq

  • MD5

    1ebef0766160be26918574b1645c1848

  • SHA1

    c30739eeecb96079bcf6d4f40c94e35abb230e34

  • SHA256

    3e664b59ba376749eb9b596b6499bf7edcec5d34382ead80964f9fe92a4c3c83

  • SHA512

    01c42bb22a92543a3408c6f420593443357a53915937341b5eaf8563ee775dbdeba7af38e2df9c9cf249a512a5a42c65c4c4d39d100e8a4143e58fd235b85951

  • SSDEEP

    1536:ou1a21T3xN2s/tH3bPXSiTbgd2HJ0cYeWQzPhOvVihneW9+e2:ouc6T3xN28tH3bPfIK0wz5OdRSN2

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

1.tcp.ap.ngrok.io:21049

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    chrome.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Krishna33.exe

    • Size

      97KB

    • MD5

      1ebef0766160be26918574b1645c1848

    • SHA1

      c30739eeecb96079bcf6d4f40c94e35abb230e34

    • SHA256

      3e664b59ba376749eb9b596b6499bf7edcec5d34382ead80964f9fe92a4c3c83

    • SHA512

      01c42bb22a92543a3408c6f420593443357a53915937341b5eaf8563ee775dbdeba7af38e2df9c9cf249a512a5a42c65c4c4d39d100e8a4143e58fd235b85951

    • SSDEEP

      1536:ou1a21T3xN2s/tH3bPXSiTbgd2HJ0cYeWQzPhOvVihneW9+e2:ouc6T3xN28tH3bPfIK0wz5OdRSN2

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks