General
Target: SecuriteInfo.com.Exploit.Siggen2.64979.3440.25529
Size: 75KB
Sample: 201111-79kmhz5xjs
MD5: 3ee1d217550d9a55c163425be47b8011
SHA1: 1bbfcfca3f3825519f9f788e22e44729b8076ead
SHA256: e3135524707805846676cd7c532842a58e3592d4feda5f162443175e32032ec5
SHA512: e3166273eac7e2bce19faabbb8b95e807fd66fa17e29adf3563df2fbbd55af68c2625021ba44070f81e7f600cd8537772457cdd6586c95f464ec011c9308a6b8
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Exploit.Siggen2.64979.3440.25529.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Exploit.Siggen2.64979.3440.25529.xls
  Resource: win10v20201028
Malware Config
Extracted: https://cutt.ly/7gX8MWJ
Extracted: asyncrat 0.5.7B, C2 54.246.188.45:6606
aes_key: V4QtIrUXBLtj5uq2coY1jhHCz0hmygkt
anti_detection: false
autorun: false
bdos: false
delay: Default
host: 54.246.188.45
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 6606
version: 0.5.7B
Score: 10/10
Signatures:
- Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
- Async RAT payload
- Blacklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation