General
-
Target
DsAhotm_LetThereBeCarnage.exe
-
Size
251KB
-
Sample
241128-k4d6faylhr
-
MD5
9e732c5246739e8432d73ade12d6063f
-
SHA1
058cc69117ffc8d1f184cb904672d4a8bc69bccc
-
SHA256
93e296579910efa85a3b68bb48ce390d542144e5544aaf6b6da1070e8bc4be75
-
SHA512
db5f721d8d62db05f9774fc133843e597dd2f8cd7705894b88bfd753076f6394af08fd5834dc9816d99b0d07b55d85b528346a1e67544fd3a56f7fa3092b5e13
-
SSDEEP
3072:Lzqm6pgjggLJ4ul7W4d14fJRTZAgENnuLt9bhaB7zltGfYoJkuCD93no2z:Lp5lt1+JR2gmuLt9bUB7zlwfYoJkb1
Malware Config
Targets
-
-
Target
DsAhotm_LetThereBeCarnage.exe
-
Size
251KB
-
MD5
9e732c5246739e8432d73ade12d6063f
-
SHA1
058cc69117ffc8d1f184cb904672d4a8bc69bccc
-
SHA256
93e296579910efa85a3b68bb48ce390d542144e5544aaf6b6da1070e8bc4be75
-
SHA512
db5f721d8d62db05f9774fc133843e597dd2f8cd7705894b88bfd753076f6394af08fd5834dc9816d99b0d07b55d85b528346a1e67544fd3a56f7fa3092b5e13
-
SSDEEP
3072:Lzqm6pgjggLJ4ul7W4d14fJRTZAgENnuLt9bhaB7zltGfYoJkuCD93no2z:Lp5lt1+JR2gmuLt9bUB7zlwfYoJkb1
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1