General

  • Target

    AsyncClient.exe

  • Size

    45KB

  • Sample

    241201-x5zjzstqaj

  • MD5

    87b6917db381131a861ba84d4269b0bd

  • SHA1

    801e58b238a02f2d0bb972ee230e77f4bfe4baa1

  • SHA256

    02d242ea2f9251a46c8fc7fdc8a7c00a64491f015b3b8dbe11ff7afaff3fa7c9

  • SHA512

    b297874e06ff77aa8115f9935a7b13fd34a472f904f960708f9c8c86881c6256834362fe8bbdee35914a132d9db4b5fc7f2fb6d418f042cbf5d8a89c5bf5fb6e

  • SSDEEP

    768:/u67dTAYhbJWUh9Nzmo2qLIKjPGaG6PIyzjbFgX3iuzTMsfaP9c9CysmBDZER:/u67dTAur2RKTkDy3bCXSoMWaP9QjdER

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

149.143.127.81:6606

149.143.127.81:7707

149.143.127.81:8808

Mutex

RPDOrlBP5iQP

Attributes
  • delay

    3

  • install

    true

  • install_file

    Update.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      AsyncClient.exe

    • Size

      45KB

    • MD5

      87b6917db381131a861ba84d4269b0bd

    • SHA1

      801e58b238a02f2d0bb972ee230e77f4bfe4baa1

    • SHA256

      02d242ea2f9251a46c8fc7fdc8a7c00a64491f015b3b8dbe11ff7afaff3fa7c9

    • SHA512

      b297874e06ff77aa8115f9935a7b13fd34a472f904f960708f9c8c86881c6256834362fe8bbdee35914a132d9db4b5fc7f2fb6d418f042cbf5d8a89c5bf5fb6e

    • SSDEEP

      768:/u67dTAYhbJWUh9Nzmo2qLIKjPGaG6PIyzjbFgX3iuzTMsfaP9c9CysmBDZER:/u67dTAur2RKTkDy3bCXSoMWaP9QjdER

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks