General

  • Target

    7623_output.vbs

  • Size

    203KB

  • Sample

    241224-x3gldsvnbj

  • MD5

    0277c2765732f368a0b5260a2f100d5f

  • SHA1

    88b89fa52c3ef01f500c62eaa5d420e51bcd2eb3

  • SHA256

    20dd257e3dc3a5a45a864ae9de7e13e0800007b1241a5c4bc104a0ba69d9dcf3

  • SHA512

    f11d1b42e1b1255044eb3dcbf3f625506174600c2f36f06847f050cafea8d5001506b34b3beafe5352b925b5dc873af9523aaab83bafde8db9177fa281b1371b

  • SSDEEP

    1536:abfH0KjpWwyBGjb59fSpcnZmDf+c+CMG3892XEtSPeVDr+HeOubxS8fddN:a7H0KjppKkJSSuf+c+Zo/cP+0bxS81T

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.8

  • Botnet

    Default

  • C2

    jt8iyre.localto.net:2101

    jt8iyre.localto.net:55644

  • Mutex

    E0GLVPl3iUqi

Attributes
  • delay

    3

  • install

    false

  • install_file

    winserve.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      7623_output.vbs

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks