General

  • Target

    build.exe

  • Size

    6.1MB

  • Sample

    241231-r4ewasxnep

  • MD5

    e7635fd18fe8720076cbfa1c2291132a

  • SHA1

    36b92c71ba43577bae36cada0123fa27ccfb7df0

  • SHA256

    bdfc9238f4c1c4d26fdd838bd39f0cff4f7628878320b73b1245cc21321615d7

  • SHA512

    f2b613f7db04d3d179ef6ddeb979de64351400b029c11b661da36ee88184277c5c78dea147f4be064e56549a6dd52b7a7b85ea36efc6c249cfcd5453f93bfaad

  • SSDEEP

    196608:7SkSIlLTUcwti7TQl2NgVg01MWAXAkuujCPX9YG9he5GnQCAJKN:ukSopwtQQl2aOtXADu8X9Y95GQLJ

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

51.89.44.68:8848

Mutex

etb3t1tr5n

Attributes
  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      build.exe

    • Size

      6.1MB

    • MD5

      e7635fd18fe8720076cbfa1c2291132a

    • SHA1

      36b92c71ba43577bae36cada0123fa27ccfb7df0

    • SHA256

      bdfc9238f4c1c4d26fdd838bd39f0cff4f7628878320b73b1245cc21321615d7

    • SHA512

      f2b613f7db04d3d179ef6ddeb979de64351400b029c11b661da36ee88184277c5c78dea147f4be064e56549a6dd52b7a7b85ea36efc6c249cfcd5453f93bfaad

    • SSDEEP

      196608:7SkSIlLTUcwti7TQl2NgVg01MWAXAkuujCPX9YG9he5GnQCAJKN:ukSopwtQQl2aOtXADu8X9Y95GQLJ

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Asyncrat family

    • Async RAT payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks