General

  • Target

    INV00293893.exe

  • Size

    593KB

  • Sample

    210505-4rpd23pnvs

  • MD5

    9c697146c626141417666b847ba49752

  • SHA1

    5847ac080a879df3533d5fece6cb21f07702beb3

  • SHA256

    6d52d77cc1f4ae6384113a2099386a3ec22f31d6d58bb264d625d532fdf48161

  • SHA512

    ba2f995e8d81227f96d6868bead1017960bfb18784691fb8e35754666794b7d10c6d7b8ae505e5d13fbfb23f55d44c232bfdc65890f8ee280b2835f0b5beb454

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

podzeye.duckdns.org:5522

podzeye.duckdns.org:5552

podzeye.duckdns.org:5533

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    bvWieEm9xvjWPWmzbmFe0NuBHX1DCbdD

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    podzeye.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    5522,5552,5533

  • version

    0.5.7B

aes.plain

Targets

    • Target

      INV00293893.exe

    • Size

      593KB

    • MD5

      9c697146c626141417666b847ba49752

    • SHA1

      5847ac080a879df3533d5fece6cb21f07702beb3

    • SHA256

      6d52d77cc1f4ae6384113a2099386a3ec22f31d6d58bb264d625d532fdf48161

    • SHA512

      ba2f995e8d81227f96d6868bead1017960bfb18784691fb8e35754666794b7d10c6d7b8ae505e5d13fbfb23f55d44c232bfdc65890f8ee280b2835f0b5beb454

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

1
T1082

Tasks