General
-
Target
Letter of Demand.doc
-
Size
36KB
-
Sample
210512-rgkan3gwnj
-
MD5
55fc048da179b62b3bb1ba86120ed35d
-
SHA1
55b2f166b64ff820287bf7dd27ee6249df73cbc2
-
SHA256
fc15f958384227e0df809fe1f0e043c2c596d88d0de5b6c799799529626a414c
-
SHA512
101d32109ddcbdfcbd5955281809cf078a95cac2be962585bb2f85590dbab475210439a9fcad605ab4950bfbee526b6c40e046a904c46759a04eca9df7f8ac95
Malware Config
Extracted
asyncrat
0.5.7B
185.136.169.24:6606
185.136.169.24:7707
185.136.169.24:8808
AsyncMutex_6SI8OkPnk
-
aes_key
LGDVTniOeH5YeueYvvfJNtR2bIW9Ox7U
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Em-Gee
-
host
185.136.169.24
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6606,7707,8808
-
version
0.5.7B
Targets
-
-
Target
Letter of Demand.doc
-
Size
36KB
-
MD5
55fc048da179b62b3bb1ba86120ed35d
-
SHA1
55b2f166b64ff820287bf7dd27ee6249df73cbc2
-
SHA256
fc15f958384227e0df809fe1f0e043c2c596d88d0de5b6c799799529626a414c
-
SHA512
101d32109ddcbdfcbd5955281809cf078a95cac2be962585bb2f85590dbab475210439a9fcad605ab4950bfbee526b6c40e046a904c46759a04eca9df7f8ac95
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-