General

  • Target

    Details Job.lnk

  • Size

    1KB

  • Sample

    210104-lmnne59mbs

  • MD5

    ead6fa9c59da5f9b8d1f6221e7bfec8b

  • SHA1

    f1362a2fe9eea70d7efb231baf2ebc091ba9aa82

  • SHA256

    f0b87b3327347983e7a87ccd057fa7f080fd65459c538390a7486fc303644f0b

  • SHA512

    b7ec11e1ea6bd0925a8c6020f75f0061273e6114201dffaaa969537bbadceccaff9f8ae0207c3bca7184b5774523e91917cf950796179592a8ad755d608bac7d

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://nyanxcat.online/spam/v1/Fud.html

Extracted

Family

asyncrat

Version

0.5.7B

C2

getcookies.ddns.net:8888

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    KrPiyjIzWtdy5WaUqRCVIyG63PWNjYWg

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    getcookies.ddns.net

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    8888

  • version

    0.5.7B

aes.plain

Targets

    • Target

      Details Job.lnk

    • Size

      1KB

    • MD5

      ead6fa9c59da5f9b8d1f6221e7bfec8b

    • SHA1

      f1362a2fe9eea70d7efb231baf2ebc091ba9aa82

    • SHA256

      f0b87b3327347983e7a87ccd057fa7f080fd65459c538390a7486fc303644f0b

    • SHA512

      b7ec11e1ea6bd0925a8c6020f75f0061273e6114201dffaaa969537bbadceccaff9f8ae0207c3bca7184b5774523e91917cf950796179592a8ad755d608bac7d

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks