General

  • Target

    Halkbank_Ekstre_20210118_162356_389771.exe

  • Size

    1003KB

  • Sample

    210118-at3l2cl1b2

  • MD5

    84217fc5c07aabf3321ed2c0feed1cba

  • SHA1

    4ba652be61d9185a8ae35f12a951d315f2c5dec5

  • SHA256

    cdcc8531c42e3ede33c0ecbcb82f7a6e5445e959eee3796475258df830a18813

  • SHA512

    923d5fb3e3879837e338d0437a8751074a8114f8e6d7f8c0e4c960109b00bafe9d92be41db9ed46f20249cf6b5d4f90f5b8ed173f7d0a6b1df16c046e7f50f13

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:1604

91.193.75.189:6606

91.193.75.189:7707

91.193.75.189:8808

91.193.75.189:1604

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    mfafeIQA2jA2dXxxjBmJHl3XAeFPQwQb

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    127.0.0.1,91.193.75.189

  • hwid

    10

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808,1604

  • version

    0.5.7B

aes.plain

Targets

    • Target

      Halkbank_Ekstre_20210118_162356_389771.exe

    • Size

      1003KB

    • MD5

      84217fc5c07aabf3321ed2c0feed1cba

    • SHA1

      4ba652be61d9185a8ae35f12a951d315f2c5dec5

    • SHA256

      cdcc8531c42e3ede33c0ecbcb82f7a6e5445e959eee3796475258df830a18813

    • SHA512

      923d5fb3e3879837e338d0437a8751074a8114f8e6d7f8c0e4c960109b00bafe9d92be41db9ed46f20249cf6b5d4f90f5b8ed173f7d0a6b1df16c046e7f50f13

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Tasks