General

  • Target

    UH6AS_4698_output.vbs

  • Size

    203KB

  • Sample

    241227-3ymvhasnck

  • MD5

    4b6a750839856ab620fbdfc0250b3efd

  • SHA1

    95474dd9bcf969c408911fa7500dc3ccc6416596

  • SHA256

    41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d

  • SHA512

    0ce01f73301a57ca6dfacd135705f8662ba2cdd390da4afb0f9af27135f494da93d24fe5489a92de0f50766c63cef6b13db1095751f4c9f22f52d7aad87f8357

  • SSDEEP

    1536:abfH0Kj6qf7ANcXh5/vLQbFj7zy4XGCeehA5ID0ZG5xwzA7nogV6EAmqZlJ2B:a7H0Kj6iEij49XGCecA25qgoOilJo

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

87.120.113.125:2101

87.120.113.125:55644

Mutex

E0GLVPl3iUqi

Attributes
  • delay

    3

  • install

    false

  • install_file

    winserve.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      UH6AS_4698_output.vbs

    • Size

      203KB

    • MD5

      4b6a750839856ab620fbdfc0250b3efd

    • SHA1

      95474dd9bcf969c408911fa7500dc3ccc6416596

    • SHA256

      41e24d66f8bb13b08c6a41c4b4a2cbd52056edd2a17bec6f30fe3838db6d1f2d

    • SHA512

      0ce01f73301a57ca6dfacd135705f8662ba2cdd390da4afb0f9af27135f494da93d24fe5489a92de0f50766c63cef6b13db1095751f4c9f22f52d7aad87f8357

    • SSDEEP

      1536:abfH0Kj6qf7ANcXh5/vLQbFj7zy4XGCeehA5ID0ZG5xwzA7nogV6EAmqZlJ2B:a7H0Kj6iEij49XGCecA25qgoOilJo

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks