General

  • Target

    rizz.exe

  • Size

    72KB

  • Sample

    241126-em1p8atlft

  • MD5

    b34928c5afd20368c2810613c4a550d2

  • SHA1

    ac281837cacfc3409e7a41b7230989c3774ba4e2

  • SHA256

    3193f135e199228a2d3b3a61e04ff5d82bf8669b1b3380b22f537ed7c7e06261

  • SHA512

    a2661d23e15737fb1e069329f9527dcdc71b2332fc4dd2edd4910c4bccc474702e0c964a92ba4687b62dba37bf1da0935b8bd49374fdd0ceea7e6b1836647d10

  • SSDEEP

    1536:ACyyQm2As0GWzbzXvMgYM51yVKNY9sUIdshOCOwX0ttdk61E8Ygiyw:ACyyZVGobzAAy0NFdsh/OXtdkqBS

Malware Config

Extracted

  • Family

    asyncrat

  • Botnet

    Default

  • C2

    comment-mar.gl.at.ply.gg:7052

Attributes
  • delay

    1

  • install

    true

  • install_file

    regedit.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      rizz.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15

Tasks