General

  • Target

    7100af497cdd8e133de63917b8d9ecffadb241e7f681c8cdae02bffbf269f2ba

  • Size

    8.7MB

  • Sample

    241216-1ndgza1ldw

  • MD5

    691c4944273ebdee88b7819b033b9dab

  • SHA1

    e1b12c305c442ef82ebbeea652fc25bc819b1c15

  • SHA256

    7100af497cdd8e133de63917b8d9ecffadb241e7f681c8cdae02bffbf269f2ba

  • SHA512

    dc532cab6157f652ae6d0c8179f034a7306d88aa374078c461abff1156cacce8e50595d426ef577872ea463cd87558403e24d027e718e88e4fd869a4ce2746ec

  • SSDEEP

    98304:oRNjkDuX7yiWmcTYuVEWilcuiKS6m4goQ1K5O/i37fkQOsjj3FVz6JT4hQ5jFLp2:oRNoD1iET3mO/irpv1tvC5LpVO8g

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Dicembrinos-12

C2

cascam12.casacam.net:8855

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7100af497cdd8e133de63917b8d9ecffadb241e7f681c8cdae02bffbf269f2ba

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
