General

  • Target

    Invoice#333210.lnk

  • Size

    1KB

  • Sample

    210724-eamg2wtj3n

  • MD5

    fd00b923c37b36bfda9a7d78e370f4fc

  • SHA1

    a2f41a4e6f6778b8232054531f58aa083bcc455b

  • SHA256

    9d5eef4b39df0149096f70bde04f9704e0740e93b1f7911d1ad7a79fb7918cf8

  • SHA512

    b010dae295e3b2a25e158ff2b99d22c762d4b0f3fec6d8eb1a64b63946d7b6852254f955d7a377d40b4e77761b7a9017c8e1e0025b618be5eb49dde8834042c9

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs (hta.dropper)

    https://ia601405.us.archive.org/29/items/async-rat-stealer-hta-23456789/AsyncRAT_stealer_hta_23456789.txt

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    https://ia601503.us.archive.org/0/items/asyncRAT_stealer_all_32456789/asyncRAT_stealer_all_32456789.txt

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • C2

    103.147.184.73:7920

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    1DM6U4ipQ53iwuPgxDRkDV4Ly78xKAPF

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    103.147.184.73

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    7920

  • version

    0.5.7B

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 2

    Install Root Certificate (T1130): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks