General

  • Target

    e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832

  • Size

    534KB

  • Sample

    241121-yy9baawpey

  • MD5

    9533800ff0c1ef9979f705d23d0a625a

  • SHA1

    818521b032199079f6757cad27c3f5f073a131f6

  • SHA256

    e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832

  • SHA512

    7f4866986310f3b20e5fdcd46f4cb61fb2d8d6c840457b77ffd1378a84901345b2e6a6b4864836eafd5b8f9764871c255feb88a0adf5b2cfee06962f403128ae

  • SSDEEP

    12288:ZBBJwlsFlt4krssP9go6toOmpb0l65xraLr:5mibd1gbwpbW65x

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

COKE

C2

quin.ydns.eu:1962

quin.ydns.eu:1940

185.38.142.240:1962

185.38.142.240:1940

Mutex

dLOEY8XRq1oB

Attributes

  • delay

    3

  • install

    false

  • install_file

    windowsBook.exe

  • install_folder

    %AppData%

aes.plain
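The extracted config above gives a practitioner everything needed to hunt for this sample on the network and on hosts: the two C2 hostnames/IPs, the two ports, and the mutex. The following is an added example for this page, not Triage tooling or AsyncRAT code. It scans constructed key=value telemetry lines (DNS answers, outbound connections, mutex-creation events, all invented here, not from the sandbox run) for those indicators and reports which internal source produced each match. The field names and log layout are assumptions; adapt `parse()` to your own schema.

```python
"""Hunt the AsyncRAT indicators from this report in host and network logs.

Added example, not Triage or AsyncRAT code. The log format is a constructed
key=value schema; adapt parse() to the telemetry you actually have.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Indicators copied from the extracted config above.
C2_HOSTS = {"quin.ydns.eu", "185.38.142.240"}
C2_PORTS = {1962, 1940}
MUTEX = "dLOEY8XRq1oB"

# Constructed sample telemetry (assumed format; not from the sandbox run).
# RFC 5737 addresses stand in for unrelated destinations.
SAMPLE_LOGS = r"""
2024-11-21T10:00:01Z event=dns client=10.0.0.5 query=quin.ydns.eu answer=185.38.142.240
2024-11-21T10:00:02Z event=conn src=10.0.0.5:51234 dst=185.38.142.240:1962 proto=tcp
2024-11-21T10:00:02Z event=conn src=10.0.0.5:51235 dst=185.38.142.240:443 proto=tcp
2024-11-21T10:00:03Z event=dns client=10.0.0.7 query=update.example.test answer=203.0.113.9
2024-11-21T10:00:04Z event=mutex host=WS01 pid=4120 name=\Sessions\1\BaseNamedObjects\dLOEY8XRq1oB
2024-11-21T10:00:05Z event=conn src=10.0.0.9:40000 dst=198.51.100.4:1940 proto=tcp
""".strip()


@dataclass
class Hit:
    line_no: int
    kind: str       # dns | c2_socket | c2_host | mutex
    indicator: str  # the matched value
    source: str     # internal client / host that produced the event


KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Split a key=value line into a dict (the leading timestamp has no '=')."""
    return dict(KV.findall(line))


def split_socket(value: str) -> tuple[str, int | None]:
    """'host:port' -> (host, port); a bare host yields port None."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        return value, None
    return host, int(port)


def scan(log_text: str) -> list[Hit]:
    hits: list[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        f = parse(line)
        ev = f.get("event")
        if ev == "dns":
            # Match either the name looked up or the address it resolved to.
            for key in ("query", "answer"):
                if f.get(key) in C2_HOSTS:
                    hits.append(Hit(n, "dns", f[key], f.get("client", "?")))
                    break
        elif ev == "conn":
            host, port = split_socket(f.get("dst", ""))
            if host in C2_HOSTS:
                # Known host on a known port is the strongest signal; the host
                # on another port is still worth a look (operators move ports).
                # A known port on an unknown host is deliberately not flagged.
                kind = "c2_socket" if port in C2_PORTS else "c2_host"
                ind = f"{host}:{port}" if port is not None else host
                hits.append(Hit(n, kind, ind, split_socket(f.get("src", ""))[0]))
        elif ev == "mutex":
            # EDR logs usually prefix the session object directory; compare the leaf.
            leaf = f.get("name", "").rsplit("\\", 1)[-1]
            if leaf == MUTEX:
                hits.append(Hit(n, "mutex", leaf, f.get("host", "?")))
    return hits


def affected_sources(hits: list[Hit]) -> list[str]:
    return sorted({h.source for h in hits})


def summarize(hits: list[Hit]) -> dict[str, int]:
    return dict(Counter(h.kind for h in hits))


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f"line {h.line_no}: {h.kind:9} {h.indicator} (source {h.source})")
    print(summarize(found), affected_sources(found))
```

Two caveats when using these indicators. quin.ydns.eu is a dynamic-DNS name, so the 185.38.142.240 address can change under the operator's control; treat the hostname as the durable indicator and the IP as a point-in-time one. And because `install` is `false`, the `install_file` and `install_folder` values (`%AppData%\windowsBook.exe`) are what the client would use if installation were enabled, not something this run is expected to have dropped, so absence of that path is not evidence against infection.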

Targets

    • Target

      e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832

    • Size

      534KB

    • MD5

      9533800ff0c1ef9979f705d23d0a625a

    • SHA1

      818521b032199079f6757cad27c3f5f073a131f6

    • SHA256

      e64bf07778d6213ab62a2e94e764053d4378192b836715aa6552405de1e15832

    • SHA512

      7f4866986310f3b20e5fdcd46f4cb61fb2d8d6c840457b77ffd1378a84901345b2e6a6b4864836eafd5b8f9764871c255feb88a0adf5b2cfee06962f403128ae

    • SSDEEP

      12288:ZBBJwlsFlt4krssP9go6toOmpb0l65xraLr:5mibd1gbwpbW65x

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext (commonly the step where a loader injects into a suspended process before resuming it, i.e. process hollowing; the call on its own is not conclusive)

MITRE ATT&CK Enterprise v15

Tasks