General

  • Target

    mod_raenma.exe

  • Size

    351KB

  • Sample

    241223-mjebtaykgv

  • MD5

    4be742cf9d626cd0e49ebd0f6673c5a3

  • SHA1

    4b59ac80c7d3173322f6e9af9752152ba3ba8437

  • SHA256

    c81e4314c2184685ea4bbb147a928fe6a3cc57f5498b8e311fb352b2f1055712

  • SHA512

    e7772593e30e38f32ca6b760693a7574b9c87293021494dee8b182ce0813ddfd01a7e7de6030ea3be9391a2dbb6f8073d1d47db3c101764555f83416863161bc

  • SSDEEP

    6144:zWsRLwBm74DJWy6mYrLC0m7tuGyqxLkMH9O1BNI:zBRLwBm2JWxBGyykMo7I

Malware Config

Extracted

Family

asyncrat

Botnet

DEC-feder.xyz

C2

bahautopilotusatzfeder.xyz:2011

eichstaett.duckdns.org:2011

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      mod_raenma.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload
