General

  • Target

    ba529ea19fda6c25b0ed8b5a066d555a85d3a9ed086c357376eb9371ce6b5f08

  • Size

    561KB

  • Sample

    241217-b1qwdswnaw

  • MD5

    59f54abcaa8dbe3a24889aa47acfe6e3

  • SHA1

    4bd9f757a7adda2137a12822a4c8023780631781

  • SHA256

    ba529ea19fda6c25b0ed8b5a066d555a85d3a9ed086c357376eb9371ce6b5f08

  • SHA512

    c3538bcfc2abaa8245712bcff58c04c78763c57279afd6a27e20b1fe5c41bff3083a7339e1b0e777197691a1f4bd45fddc47ca9f111998d0ff2e4990cc805f4a

  • SSDEEP

    12288:+WZhFDtzXu62+hqjg5LUTqtdwYAaAsXNdlxztdSMYPxwtBpZU59D:+IDhLQAIqgzs9tzt0MtBj2F

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.8

  • Botnet

    Default

  • C2

    oshaduck123.duckdns.org:6606

    oshaduck123.duckdns.org:7707

    oshaduck123.duckdns.org:8808

  • Mutex

    ZWwiD1mukwdK

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      RFQ_#24429725,pdf.exe

    • Size

      1.0MB

    • MD5

      98c8ad44f3883561b9ec33744763f556

    • SHA1

      54d00d5fc3a5c1c287c371699b027b83afbd3be2

    • SHA256

      e508e38d56c2d0c62b80bf11aeb4af982e5ce44e925c4858c725db2ba02aca2d

    • SHA512

      10826e4abc66c19ef106c91332cd0fab7b2e29975781a66570136aa507e296ffa43f7f62eeb634321f2ba442589550a52e43c0e57a2dab755ed29ea5ff5394aa

    • SSDEEP

      24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8apS0MHt:6TvC/MTQYxsWR7apM

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks