General

  • Target

    6BD0F63D69EBAA8E28B21E9B0F5C02E05C1213535B288.exe

  • Size

    203KB

  • Sample

    210504-1nf5lvb5sa

  • MD5

    fb5f1a2f214dc8774c41d7a67965a733

  • SHA1

    07bb74780172f5dd719e7c392817a0aaad27f173

  • SHA256

    6bd0f63d69ebaa8e28b21e9b0f5c02e05c1213535b2881d080db1d09082e9f1d

  • SHA512

    3ff2cffda73daf67b3da8c1a8a841183b97e4a6c0d3a9e62c86d7e50476ae748439b5cd61051fabd8a869e60b404b3df549700a8ace941dfbd4da241b27cd56d

Malware Config

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Modifies WinLogon for persistence

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique              ID     Count
  Persistence       Winlogon Helper DLL    T1004  1
  Defense Evasion   Modify Registry        T1112  1

Tasks