General

  • Target

    juepta.7z

  • Size

    18KB

  • Sample

    241117-y6yjraxhlm

  • MD5

    a577c95fba2b8becd8f4fb963f25cb22

  • SHA1

    01f874c1abc88cf0eea294ca7265ba9f8d7ff033

  • SHA256

    c81b0cd26f92c566a1619d8a740da1e7ffa3e3d605fccccb5f3b3a075fb9e8cb

  • SHA512

    b2e1e51a108526e29e6edfa4342f10df0765159c16ba3d6a77dc2e68f78d849b19ebf9e602f09fa7d57911d0f256c1d9bfad35dde3b57307b675a35ef0781507

  • SSDEEP

    384:rB+8b/oGiZ3Z5+D4wbdA4M99yFUI5I1XqX6p0242vSKF/LZe1VFnIbS:l+8b/0LmNy9Kye6pP42vlDc1TmS

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:4782

127.0.0.1:3425

Cristopher11sa-62565.portmap.host:6606

Cristopher11sa-62565.portmap.host:7707

Cristopher11sa-62565.portmap.host:8808

Cristopher11sa-62565.portmap.host:4782

Cristopher11sa-62565.portmap.host:3425

190.104.116.8:6606

190.104.116.8:7707

190.104.116.8:8808

190.104.116.8:4782

190.104.116.8:3425

azxq0ap.localto.net:6606

azxq0ap.localto.net:7707

azxq0ap.localto.net:8808

azxq0ap.localto.net:4782

azxq0ap.localto.net:3425

Mutex

E2qgtjRHaRSi

Attributes

  • delay

    3

  • install

    false

  • install_file

    Java updater.exe

  • install_folder

    %AppData%

aes.plain
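The extracted configuration above is the actionable part of this report. The following Python script is an added example (not part of the report and not the sandbox's own tooling): it takes that config, drops the loopback entries, classifies the remaining C2 hosts (the portmap.host and localto.net names are treated as reverse-tunnelling services, which is an assumption about how they are used, not something the report states), derives the host artefacts (mutex, install path), and runs the result over a few constructed telemetry lines. All function and variable names are mine.

```python
"""Triage an extracted AsyncRAT config into usable indicators.

Added example. The CONFIG values are copied from the report above; the
SAMPLE_TELEMETRY lines are constructed for illustration only.
"""
import ipaddress
import re
from collections import OrderedDict

# Config as extracted in the report (asyncrat 0.5.8, botnet "Default").
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.8",
    "c2": [
        "127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808",
        "127.0.0.1:4782", "127.0.0.1:3425",
        "Cristopher11sa-62565.portmap.host:6606",
        "Cristopher11sa-62565.portmap.host:7707",
        "Cristopher11sa-62565.portmap.host:8808",
        "Cristopher11sa-62565.portmap.host:4782",
        "Cristopher11sa-62565.portmap.host:3425",
        "190.104.116.8:6606", "190.104.116.8:7707", "190.104.116.8:8808",
        "190.104.116.8:4782", "190.104.116.8:3425",
        "azxq0ap.localto.net:6606", "azxq0ap.localto.net:7707",
        "azxq0ap.localto.net:8808", "azxq0ap.localto.net:4782",
        "azxq0ap.localto.net:3425",
    ],
    "mutex": "E2qgtjRHaRSi",
    "delay": 3,
    "install": False,
    "install_file": "Java updater.exe",
    "install_folder": "%AppData%",
}

# Assumption: these suffixes belong to port-forwarding/tunnel services that
# expose a C2 running behind NAT. Blocking the name is useful; attributing the
# tunnel provider's IP space is not.
TUNNEL_SUFFIXES = (".portmap.host", ".localto.net")


def classify_host(host):
    """Return loopback / private / public_ip / tunnel / domain for a C2 host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "tunnel" if host.lower().endswith(TUNNEL_SUFFIXES) else "domain"
    if ip.is_loopback:          # check before is_private: 127.0.0.0/8 is both
        return "loopback"
    if ip.is_private:
        return "private"
    return "public_ip"


def parse_c2(entries):
    """Split each 'host:port' entry; rpartition keeps hostnames with dashes intact."""
    parsed = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        parsed.append((host, int(port), classify_host(host)))
    return parsed


def iocs(config):
    """Normalise the config into indicators worth blocking or hunting for."""
    c2 = parse_c2(config["c2"])
    hosts = OrderedDict()
    for host, port, kind in c2:
        if kind in ("loopback", "private"):
            continue            # builder/test leftovers; nothing to block
        hosts.setdefault(host, []).append(port)
    install_path = None
    if config["install"]:       # install=false here: the sample runs in place
        install_path = config["install_folder"] + "\\" + config["install_file"]
    return {
        "hosts": dict(hosts),
        "ports": sorted({port for _, port, _ in c2}),   # 6606/7707/8808 are AsyncRAT builder defaults
        "mutex": config["mutex"],
        "install_path": install_path,
        "install_file_hint": config["install_file"],    # still worth hunting for
    }


NET_RE = re.compile(r"\bconnect\s+(\S+):(\d+)")
MUTEX_RE = re.compile(r"\bmutex\s+(\S+)")


def match_telemetry(ioc, lines):
    """Flag telemetry lines whose connect target or mutex matches the IOCs."""
    hits = []
    for line in lines:
        m = NET_RE.search(line)
        if m:
            host, port = m.group(1), int(m.group(2))
            if port in ioc["hosts"].get(host, ()):
                hits.append(("c2_connect", line))
            continue
        m = MUTEX_RE.search(line)
        if m and m.group(1) == ioc["mutex"]:
            hits.append(("mutex", line))
    return hits


# Constructed telemetry (not from the sandbox run).
SAMPLE_TELEMETRY = [
    "pid=4120 image=juepta.exe connect 190.104.116.8:6606",
    "pid=4120 image=juepta.exe connect 127.0.0.1:6606",
    "pid=4120 image=juepta.exe mutex E2qgtjRHaRSi",
    "pid=812 image=svchost.exe connect 13.107.4.50:443",
    "pid=4120 image=juepta.exe connect azxq0ap.localto.net:7707",
]

if __name__ == "__main__":
    result = iocs(CONFIG)
    print(result)
    for kind, line in match_telemetry(result, SAMPLE_TELEMETRY):
        print(kind, "<-", line)
```

The loopback entries are dropped rather than blocked because a 127.0.0.1 C2 says nothing about infrastructure; the public IP and the two tunnel hostnames are what go into a blocklist, and the mutex name is the host-side pivot regardless of whether the install flag was set.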

Targets

    • Target

      juepta.7z

    • Size

      18KB

    • MD5

      a577c95fba2b8becd8f4fb963f25cb22

    • SHA1

      01f874c1abc88cf0eea294ca7265ba9f8d7ff033

    • SHA256

      c81b0cd26f92c566a1619d8a740da1e7ffa3e3d605fccccb5f3b3a075fb9e8cb

    • SHA512

      b2e1e51a108526e29e6edfa4342f10df0765159c16ba3d6a77dc2e68f78d849b19ebf9e602f09fa7d57911d0f256c1d9bfad35dde3b57307b675a35ef0781507

    • SSDEEP

      384:rB+8b/oGiZ3Z5+D4wbdA4M99yFUI5I1XqX6p0242vSKF/LZe1VFnIbS:l+8b/0LmNy9Kye6pP42vlDc1TmS

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15
