General
-
Target
1afa2560002b57a1e43485e23065260abd539ae721335e46c79ed59fee268c3f
-
Size
870KB
-
Sample
250126-yyndtatkdp
-
MD5
57ec9c5cdef08280c7f86f1267b2048b
-
SHA1
8d5a31a5fb1924525fbbf5d07ae69eb7452c748c
-
SHA256
1afa2560002b57a1e43485e23065260abd539ae721335e46c79ed59fee268c3f
-
SHA512
da60c8f0408ad9c7afdb56835819a94d7684a95a2c075b7716479fa3e2f33f6b1ee898b36f29667244a07370e002e6788a6d322e11b137c66792a8e365ba43b3
-
SSDEEP
24576:dK6DnB9VOFzl/MAZVsz/5/8yT/r7w1P+1PHnZXmO3w3:0SB9VO7UAL65/zrr2+VnZXb3w3
Malware Config
Extracted
asyncrat
1.0.7
Enero/Asgard
2025blessed.dynuddns.com:7998
VHKVSVS
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
1afa2560002b57a1e43485e23065260abd539ae721335e46c79ed59fee268c3f
-
Size
870KB
-
MD5
57ec9c5cdef08280c7f86f1267b2048b
-
SHA1
8d5a31a5fb1924525fbbf5d07ae69eb7452c748c
-
SHA256
1afa2560002b57a1e43485e23065260abd539ae721335e46c79ed59fee268c3f
-
SHA512
da60c8f0408ad9c7afdb56835819a94d7684a95a2c075b7716479fa3e2f33f6b1ee898b36f29667244a07370e002e6788a6d322e11b137c66792a8e365ba43b3
-
SSDEEP
24576:dK6DnB9VOFzl/MAZVsz/5/8yT/r7w1P+1PHnZXmO3w3:0SB9VO7UAL65/zrr2+VnZXb3w3
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
-
-
Target
$TEMP/Existing
-
Size
25KB
-
MD5
1254760a9e0011ae9d4db930db1233af
-
SHA1
fc9c44cfc3c425f3f72ada3906f8a1b4a938171b
-
SHA256
fe07bc52517a65c8e721d35bd75f2409b0efb72f4bbf7f6077acb533be31d142
-
SHA512
cd5304873f4f259e64f39e5db7ee7bc6610c9b13998e29fe3eb6cc9a0add0789ad9ba725a9f5fe412bf37d01e9b80cc1ae0a9bee6eec6bc24772603e213a08d7
-
SSDEEP
768:5byYX3KOp2706LhBDTZp4Xga5J15CkkAiQ3QlFFV0v09079IMp529o:N53tp27jLhBZpla5J/eQ3aPVw09Kn+a
Score1/10 -