General

  • Target

    Invoice & BACS Document.exe

  • Size

    27KB

  • Sample

    210416-v1eb5ertqs

  • MD5

    187fd3e6e9fe221f718a07b79c674219

  • SHA1

    c0241df055e89fb1ac9b13951bd97ac63b5d92c9

  • SHA256

    9bd40875855805f12dbb568e48036b669bf1768227f80d2666e5bc3d71f51474

  • SHA512

    a911713b66de75fa358bdde587960f3154c08a8dee7fc139968b7e99a215370ce5b162ac7e9e735878715e53ebee0b16e6f0732d96c36cb16be1ae8bfe2c9101

Malware Config

Targets

    • Target

      Invoice & BACS Document.exe

    • Size

      27KB

    • MD5

      187fd3e6e9fe221f718a07b79c674219

    • SHA1

      c0241df055e89fb1ac9b13951bd97ac63b5d92c9

    • SHA256

      9bd40875855805f12dbb568e48036b669bf1768227f80d2666e5bc3d71f51474

    • SHA512

      a911713b66de75fa358bdde587960f3154c08a8dee7fc139968b7e99a215370ce5b162ac7e9e735878715e53ebee0b16e6f0732d96c36cb16be1ae8bfe2c9101

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Modifies Windows Defender Real-time Protection settings

    • Turns off Windows Defender SpyNet reporting

    • UAC bypass

    • Windows security bypass

    • Async RAT payload

    • Nirsoft

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks