General

  • Target

    Request For Quote.exe

  • Size

    723KB

  • Sample

    210611-6sbgp2jenj

  • MD5

    60b38fcb88892b72f97c72a04b03ce29

  • SHA1

    90a9b8272b1c39aba84ceb9c53aa1b041fb61f6b

  • SHA256

    86a970ceae4a26b7b3cca4894885278b76aede70d85c92a2c55d9fe4d950a879

  • SHA512

    a5fe465d7fd3dc278c85be115ae060b85a069f445d3a768064e34fa51de08221368890bce5f958bc2133fbc4bfbc8393b7a0fff7a9093f80ef82dd6d8fad4477

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

kingmethod.duckdns.org:6606

kingmethod.duckdns.org:7707

kingmethod.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    OZXGLSBOBV86soeiTb9Hf1tQxfBtCgFw

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    ,kingmethod.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.7B

aes.plain

Targets

    • Target

      Request For Quote.exe

    • Size

      723KB

    • MD5

      60b38fcb88892b72f97c72a04b03ce29

    • SHA1

      90a9b8272b1c39aba84ceb9c53aa1b041fb61f6b

    • SHA256

      86a970ceae4a26b7b3cca4894885278b76aede70d85c92a2c55d9fe4d950a879

    • SHA512

      a5fe465d7fd3dc278c85be115ae060b85a069f445d3a768064e34fa51de08221368890bce5f958bc2133fbc4bfbc8393b7a0fff7a9093f80ef82dd6d8fad4477

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

1
T1082

Tasks