General

  • Target

    631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730.exe

  • Size

    63KB

  • Sample

    241121-yvd1za1jdr

  • MD5

    1636769fc06d9392049e48f3774517fe

  • SHA1

    1bd081c4546bf97630aba694500c449fd4d15b4b

  • SHA256

    631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730

  • SHA512

    8f3c068ff1a5a4be901cad60517f9ada23905d4726435a575a259dd29e9f9b94d447f85933044600ef5afd9607e3fb980ca6d7c32c6237291dcd065ec615b08d

  • SSDEEP

    1536:PmImx6tX2kNff4sKu+UYFv0DQgb1APVmIcrPlTGBxK:Pm9x6tmkN7Ku+UYFfgb16mIcd6xK

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

*** 19 NOV ***

C2

19nov2024.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730.exe

    • Size

      63KB

    • MD5

      1636769fc06d9392049e48f3774517fe

    • SHA1

      1bd081c4546bf97630aba694500c449fd4d15b4b

    • SHA256

      631f9e498289dbc6c16e5dd35c516641016e0f0169bc422cb4f8114a78b25730

    • SHA512

      8f3c068ff1a5a4be901cad60517f9ada23905d4726435a575a259dd29e9f9b94d447f85933044600ef5afd9607e3fb980ca6d7c32c6237291dcd065ec615b08d

    • SSDEEP

      1536:PmImx6tX2kNff4sKu+UYFv0DQgb1APVmIcrPlTGBxK:Pm9x6tmkN7Ku+UYFfgb16mIcd6xK

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks