General

  • Target

    db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bbN.exe

  • Size

    3.6MB

  • Sample

    250103-xnavasyjfv

  • MD5

    c1b291109f5b8e4e2bd958cf377867f0

  • SHA1

    636e6e1279746ef11f8445360a3ca1855f13e715

  • SHA256

    db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bb

  • SHA512

    23a35524da71ef18dcba22d5b42c3f6131258d2040077b14a0a3f7f7820911694fc5c1f92933d39a41437b12de734225589ef02df8805d597e6b746443402b1a

  • SSDEEP

    98304:lkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13:lkSIlLtzWAXAkuujCPX9YG9he5GnQCAo

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

51.89.44.68:8848

Mutex

etb3t1tr5n

Attributes
  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %Temp%

aes.plain

Targets

    • Target

      db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bbN.exe


    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks