General

  • Target

    RFQ_#24429725,pdf.exe

  • Size

    1.0MB

  • Sample

    241217-jvdmwavkfz

  • MD5

    98c8ad44f3883561b9ec33744763f556

  • SHA1

    54d00d5fc3a5c1c287c371699b027b83afbd3be2

  • SHA256

    e508e38d56c2d0c62b80bf11aeb4af982e5ce44e925c4858c725db2ba02aca2d

  • SHA512

    10826e4abc66c19ef106c91332cd0fab7b2e29975781a66570136aa507e296ffa43f7f62eeb634321f2ba442589550a52e43c0e57a2dab755ed29ea5ff5394aa

  • SSDEEP

    24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8apS0MHt:6TvC/MTQYxsWR7apM

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

oshaduck123.duckdns.org:6606

oshaduck123.duckdns.org:7707

oshaduck123.duckdns.org:8808

Mutex

ZWwiD1mukwdK

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      RFQ_#24429725,pdf.exe

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of SetThreadContext
