General
-
Target
fae05fdea23967fef0ebf7345ad89308dd1d662e
-
Size
205KB
-
Sample
241111-eyzx3asfrj
-
MD5
ca49c03893118f027cb9068496f1c751
-
SHA1
fae05fdea23967fef0ebf7345ad89308dd1d662e
-
SHA256
4328098ccec01385575732e4e8d27ca234132d7714801ce75cb343f8b943e806
-
SHA512
7f624bf10f5d3523f12bcc7963376e4a933e53a175d1387237164ef653747c281857e4c09c1fa9109a87b7f7b6e1fa9edc6dc898a3f1eb6e346bc4243d6c5e92
-
SSDEEP
6144:AxoGIfLv6Ov5ycaafyqtp6HsyCQh62Le51A35:AxozWGvX6Hsyl02AAp
Malware Config
Extracted
asyncrat
1.0.7
Pou
R4rg
-
delay
1
-
install
true
-
install_file
Runtime Broker.exe
-
install_folder
%Temp%
-
pastebin_config
https://pastebin.com/raw/SctPUR4x
Targets
-
-
Target
script_rust Autogun.exe
-
Size
158KB
-
MD5
e2a386c9361821a799e06ec0d2bd00d4
-
SHA1
8c021c9435c6dd9afa0fc831f6d678c070fa569b
-
SHA256
ad09b83fa9f8d736fad4a986c8163715d5527610929d9f0f7afd1db28824288c
-
SHA512
246154bf280f4d92c1f61fc5705e4258a82602f566135caec6e54e6e531215f3aac51470cd3e58a69e6eea0d0b9595c180c5db9b90ebd2616c9aca3ed4f3f9fc
-
SSDEEP
3072:z5RpQAYz728HyfLAp5evKcoOGSyViThMRKXBwLs/z0wKLA0WeGZ0gTypY:tnvYz728YPjgKXAs/sLA0W9ZX
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
script_rust.exe
-
Size
124KB
-
MD5
4d894c11b710d9fe8de95e01d588692c
-
SHA1
f6aa2631924bf057fade84729dd98a286d99b61e
-
SHA256
2b4e72cae6a923a5b1edde1c8bc0e47d25e3506b69a14363295a248c8b05b587
-
SHA512
c963aaed40e4a7bebe8d0f90eda21a68ab96f9fadad70078b0b7747e9d7106f25ec430e7cf1419ecdafb4caddfd67edf69cfb1a24f231434ba8fb11e689709b9
-
SSDEEP
3072:YpzMJvf/O6974gOLThlg4JBZzNOcDjGx7h9QEmL9fYzU:uz+f/7gsq1NOcDyxbnmZfCU
Score1/10 -