General

  • Target

    AsyncClient3.exe

  • Size

    45KB

  • Sample

    241104-brfdassmbm

  • MD5

    f4b16eb57365d7cc4cb3bb9065673948

  • SHA1

    69a9fdeba01596dc9f6c90a035172463dcf45502

  • SHA256

    b0c5e10956411ab754000147b9fc6060eceb7444ce900a56fe4e26e179aa9ffb

  • SHA512

    313ae454b00a9682e86720ced7f4c5f2fe2c4ddcbb0734a2c0a2dbad5f43c1fae7bf25c1a03192854b8a04afeedcc78c1916570fe1b90ef86be948b3e5c5316a

  • SSDEEP

    768:yuYHKTsufqG9vSLjWUvlPRmo2qbg6+mkUWYgfBPIizjbkgX3iezn2zPNoBDZqx:yuYHKTsjMvSX2Ikjd2i3brXS0n2zFOdo

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

E2qgtjRHaRSi

Attributes
  • delay

    3

  • install

    true

  • install_file

    Java updater.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      AsyncClient3.exe

    • Size

      45KB

    • MD5

      f4b16eb57365d7cc4cb3bb9065673948

    • SHA1

      69a9fdeba01596dc9f6c90a035172463dcf45502

    • SHA256

      b0c5e10956411ab754000147b9fc6060eceb7444ce900a56fe4e26e179aa9ffb

    • SHA512

      313ae454b00a9682e86720ced7f4c5f2fe2c4ddcbb0734a2c0a2dbad5f43c1fae7bf25c1a03192854b8a04afeedcc78c1916570fe1b90ef86be948b3e5c5316a

    • SSDEEP

      768:yuYHKTsufqG9vSLjWUvlPRmo2qbg6+mkUWYgfBPIizjbkgX3iezn2zPNoBDZqx:yuYHKTsjMvSX2Ikjd2i3brXS0n2zFOdo

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks