General

  • Target

    76565fe11a0a449fe018b8eec7ef351ffdb4a921d21d3cd0d5edb3a23ce6ad6e

  • Size

    524KB

  • Sample

    241216-rykvcsspgz

  • MD5

    616f4ac7fb2fd1069df3b38f68b0f166

  • SHA1

    ad265fd07653633dad543e1335cc67b8ce4236f1

  • SHA256

    76565fe11a0a449fe018b8eec7ef351ffdb4a921d21d3cd0d5edb3a23ce6ad6e

  • SHA512

    b3c0edff07642ca34ac8e74f448d30ef7bc5e2abfef5edec8c1007e7a56e58b185fc6c48e739c6e43936b5f6129e9a422d6c98fba48a22efab7c5cd2584de71f

  • SSDEEP

    6144:yV8r/XJSzyvZYMpsFkvXSkkrtVhoXMkP0kyHxKyAc7paRSnrQyAKYLvgNgu4PFlo:yab5rvzq2vChBLkcdIWpVn8SFG3/a

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

oshaduck123.duckdns.org:6606

oshaduck123.duckdns.org:7707

oshaduck123.duckdns.org:8808

Mutex

ZWwiD1mukwdK

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      hesaphareketi-01.pdf.exe

    • Size

      1004KB

    • MD5

      f8b8beccdf66e3ef9ca54ac632ceb47b

    • SHA1

      24a275521156c3d36a452a09b69b7fc9a1981f7e

    • SHA256

      2cdfbaeb99da97fe3ed7bc8370f3af2a9c1a27e2812119a666f457264f6ca801

    • SHA512

      59ebd8f4e418b1b30a069d9721a7bb72684b3675ca2422ab179abf266cfe3701643b60b2093407224c11f311f667076b41898a3d018831ea55bd59781ef6e4c1

    • SSDEEP

      24576:qu6J33O0c+JY5UZ+XC0kGso6Fax8PEgNVWY:cu0c++OCvkGs9FaxpXY

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext
