General

  • Target

    7254_output.vbs

  • Size

    203KB

  • Sample

    241222-yylvzsxnd1

  • MD5

    02081ae0dbab5cbb3ba6fb3d316bb850

  • SHA1

    0b422b950e717427ec53709384b214433871f78b

  • SHA256

    f93f8db130adb1cb891c6a8591d1c2f518a4ba3d5aed98d1e7b530030b0297bb

  • SHA512

    7ae8c0859f25c7cecaa0be83d5ac99d20bde7287ef1f49ddd3114d4683c8ec05a2947f0c0d27b62ea5b4b0764d6ae0a104ffa7d6d84a46b1bd0ecb1eac9d718d

  • SSDEEP

    1536:abfH0KjxZkPuIqVvsPX9ZvPcL6pVIxQz4EEmgEUUQt7xLVCf:a7H0KjYSds/9ZXCnjIK7pV2

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

jt8iyre.localto.net:2101

jt8iyre.localto.net:55644

Mutex

AbAUwI3PK3e3

Attributes
  • delay

    3

  • install

    false

  • install_file

    winserve.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7254_output.vbs

    • Size

      203KB

    • MD5

      02081ae0dbab5cbb3ba6fb3d316bb850

    • SHA1

      0b422b950e717427ec53709384b214433871f78b

    • SHA256

      f93f8db130adb1cb891c6a8591d1c2f518a4ba3d5aed98d1e7b530030b0297bb

    • SHA512

      7ae8c0859f25c7cecaa0be83d5ac99d20bde7287ef1f49ddd3114d4683c8ec05a2947f0c0d27b62ea5b4b0764d6ae0a104ffa7d6d84a46b1bd0ecb1eac9d718d

    • SSDEEP

      1536:abfH0KjxZkPuIqVvsPX9ZvPcL6pVIxQz4EEmgEUUQt7xLVCf:a7H0KjYSds/9ZXCnjIK7pV2

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks