General
-
Target
FA2020.06.85569.DOCX.exe
-
Size
188KB
-
Sample
200707-xeksbtwt1n
-
MD5
2698aef990026c034352cc9e5b6fb4f8
-
SHA1
29b12cb2e71ed287a1e4bdcab3b22ff500f74392
-
SHA256
8be860472e72eae45034f553b53dc883fa99292a2b54ef2a57614fcf8e600790
-
SHA512
f210c00727df295705facfd7f107ead737b1f77f55776916d8acb9d6b884333d29332a7b186b0ef27f02d9795bf81a4dc4f00c7edc9bb66164a70a88a5f60a6c
Malware Config
Extracted
asyncrat
0.5.7B
null:null
AsyncMutex_6SI8OkPnk
-
aes_key
DHyXENUbuF7kz7qg9whtglVdx8ChMDvS
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
null
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
https://pastebin.com/raw/63NgqBcT
-
port
null
-
version
0.5.7B
Targets
-
-
Target
FA2020.06.85569.DOCX.exe
-
Size
188KB
-
MD5
2698aef990026c034352cc9e5b6fb4f8
-
SHA1
29b12cb2e71ed287a1e4bdcab3b22ff500f74392
-
SHA256
8be860472e72eae45034f553b53dc883fa99292a2b54ef2a57614fcf8e600790
-
SHA512
f210c00727df295705facfd7f107ead737b1f77f55776916d8acb9d6b884333d29332a7b186b0ef27f02d9795bf81a4dc4f00c7edc9bb66164a70a88a5f60a6c
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-