General

  • Target

    419929cb29132d4442411144a0836daebe9eddcb9498c583197479a728aac18f

  • Size

    556KB

  • Sample

    241222-1m2s6szndw

  • MD5

    632fcbfdd3e602712905071c5a178e6d

  • SHA1

    350fd5a29c11bf2244f94465ed2e82ce71a72ca4

  • SHA256

    419929cb29132d4442411144a0836daebe9eddcb9498c583197479a728aac18f

  • SHA512

    b0ea0cba1a9e6e5398e363d2558f0105288b48af2fa40678ce416bd07b2a021427c85af487734288f9e5a9185a1faeb3f2e67ae1a199e9686069333a07458ab4

  • SSDEEP

    12288:ndBhrOiY7fNzGxb2w0T1Qhg8HM+M71ao7DVxZNywjzS:ndulzGow0ihhM71aYj3TS

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

ronymahmoud.casacam.net:6606

ronymahmoud.casacam.net:7707

ronymahmoud.casacam.net:8808

sk.servemp3.com:6606

sk.servemp3.com:7707

sk.servemp3.com:8808

Mutex

fpfvkdzpfziibqk

Attributes
  • delay

    1

  • install

    false

  • install_file

    miccrosofte.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      419929cb29132d4442411144a0836daebe9eddcb9498c583197479a728aac18f

    • Size

      556KB

    • MD5

      632fcbfdd3e602712905071c5a178e6d

    • SHA1

      350fd5a29c11bf2244f94465ed2e82ce71a72ca4

    • SHA256

      419929cb29132d4442411144a0836daebe9eddcb9498c583197479a728aac18f

    • SHA512

      b0ea0cba1a9e6e5398e363d2558f0105288b48af2fa40678ce416bd07b2a021427c85af487734288f9e5a9185a1faeb3f2e67ae1a199e9686069333a07458ab4

    • SSDEEP

      12288:ndBhrOiY7fNzGxb2w0T1Qhg8HM+M71ao7DVxZNywjzS:ndulzGow0ihhM71aYj3TS

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks