General
Target: Invoice#333210.lnk
Size: 1KB
Sample: 210724-eamg2wtj3n
MD5: fd00b923c37b36bfda9a7d78e370f4fc
SHA1: a2f41a4e6f6778b8232054531f58aa083bcc455b
SHA256: 9d5eef4b39df0149096f70bde04f9704e0740e93b1f7911d1ad7a79fb7918cf8
SHA512: b010dae295e3b2a25e158ff2b99d22c762d4b0f3fec6d8eb1a64b63946d7b6852254f955d7a377d40b4e77761b7a9017c8e1e0025b618be5eb49dde8834042c9
Static task: static1
Behavioral task: behavioral1
Sample: Invoice#333210.lnk
Resource: win7v20210410
Malware Config
Extracted: https://ia601405.us.archive.org/29/items/async-rat-stealer-hta-23456789/AsyncRAT_stealer_hta_23456789.txt
Extracted: https://ia601503.us.archive.org/0/items/asyncRAT_stealer_all_32456789/asyncRAT_stealer_all_32456789.txt
Extracted: asyncrat 0.5.7B, C2 103.147.184.73:7920, mutex AsyncMutex_6SI8OkPnk
aes_key: 1DM6U4ipQ53iwuPgxDRkDV4Ly78xKAPF
anti_detection: false
autorun: false
bdos: false
delay: Default
host: 103.147.184.73
hwid: 3
install_file: (empty)
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 7920
version: 0.5.7B
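The aes_key above is the AsyncRAT master key, and it is what turns the rest of the config into plaintext. In the public AsyncRAT source every sensitive setting in the client (hosts, ports, mutex, version, pastebin, anti, bdos, group) is stored as a base64 string laid out as HMAC-SHA256 (32 bytes) || IV (16 bytes) || AES-256-CBC/PKCS7 ciphertext; the AES key (32 bytes) and HMAC key (64 bytes) are read back to back from PBKDF2-HMAC-SHA1 over the master key with 50000 iterations and a salt constant hard-coded in the Aes256 class, and Settings.Key itself is the master key base64-encoded, so it must be decoded once before use. The Go program below is an added example, not code from this report or from AsyncRAT: it derives both keys from the report's aes_key, re-encrypts the plaintext values the report lists (constructed input, because the sample's own encrypted Settings strings are not on this page) and decrypts them again, refusing any blob whose HMAC does not verify. PBKDF2 is written out by hand so the program needs only the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"hash"
)

// asyncRATSalt is the fixed PBKDF2 salt from the Aes256 class in the public AsyncRAT source.
var asyncRATSalt = []byte{
	0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24, 0x30, 0xA5, 0x78, 0x43,
	0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
}

// pbkdf2 is RFC 2898 PBKDF2, written out so the example needs only the standard library.
func pbkdf2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
	prf := hmac.New(h, password)
	var out []byte
	for i := 1; len(out) < keyLen; i++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		u := prf.Sum(nil)              // U_1
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_iter
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

type asyncKeys struct{ key, authKey []byte }

// deriveKeys mirrors Rfc2898DeriveBytes(masterKey, Salt, 50000) (PBKDF2-HMAC-SHA1 in .NET Framework):
// GetBytes(32) then GetBytes(64) read consecutive bytes of a single PBKDF2 output stream.
func deriveKeys(masterKey string) asyncKeys {
	km := pbkdf2([]byte(masterKey), asyncRATSalt, 50000, 96, sha1.New)
	return asyncKeys{key: km[:32], authKey: km[32:96]}
}

// decryptSetting reverses Aes256.Decrypt: base64(HMAC-SHA256(32) || IV(16) || AES-256-CBC/PKCS7 ciphertext),
// checking the HMAC over IV||ciphertext before the cipher is touched.
func decryptSetting(k asyncKeys, b64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	if len(blob) < 64 || (len(blob)-48)%aes.BlockSize != 0 {
		return "", errors.New("blob too short or ciphertext not block aligned")
	}
	mac := hmac.New(sha256.New, k.authKey)
	mac.Write(blob[32:])
	if !hmac.Equal(mac.Sum(nil), blob[:32]) {
		return "", errors.New("HMAC mismatch: wrong master key or corrupted blob")
	}
	block, err := aes.NewCipher(k.key)
	if err != nil {
		return "", err
	}
	pt := make([]byte, len(blob)-48)
	cipher.NewCBCDecrypter(block, blob[32:48]).CryptBlocks(pt, blob[48:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "", errors.New("bad PKCS7 padding")
	}
	return string(pt[:len(pt)-pad]), nil
}

// encryptSetting is the forward direction (what the AsyncRAT builder does). It exists here only to construct
// test input, since the sample's real encrypted Settings strings are not in the report.
func encryptSetting(k asyncKeys, plaintext string) (string, error) {
	block, err := aes.NewCipher(k.key)
	if err != nil {
		return "", err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append([]byte(plaintext), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	body := append(iv, ct...)
	mac := hmac.New(sha256.New, k.authKey)
	mac.Write(body)
	return base64.StdEncoding.EncodeToString(append(mac.Sum(nil), body...)), nil
}

func main() {
	k := deriveKeys("1DM6U4ipQ53iwuPgxDRkDV4Ly78xKAPF") // aes_key from the report above
	// Constructed sample: the plaintext values the report lists, re-encrypted under its key.
	for name, v := range map[string]string{"Hosts": "103.147.184.73", "Ports": "7920", "MTX": "AsyncMutex_6SI8OkPnk", "Version": "0.5.7B"} {
		enc, _ := encryptSetting(k, v)
		dec, err := decryptSetting(k, enc)
		fmt.Printf("%-7s %s... -> %q err=%v\n", name, enc[:20], dec, err)
	}
}
```

To use this against a real client, pull the base64 literals out of the Settings class (in 0.5.7B they are plain string fields initialised in the static constructor), base64-decode Settings.Key to get the master key string, and pass each literal to decryptSetting. An HMAC mismatch on every string means the key you extracted is not the master key (a still-encoded Settings.Key is the usual cause); a mismatch on one string means that field is not encrypted in this build (Delay, InstallFolder and InstallFile are stored in the clear, which is why the report shows %AppData% and Default as-is).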
Targets
Target: Invoice#333210.lnk
Size: 1KB
MD5: fd00b923c37b36bfda9a7d78e370f4fc
SHA1: a2f41a4e6f6778b8232054531f58aa083bcc455b
SHA256: 9d5eef4b39df0149096f70bde04f9704e0740e93b1f7911d1ad7a79fb7918cf8
SHA512: b010dae295e3b2a25e158ff2b99d22c762d4b0f3fec6d8eb1a64b63946d7b6852254f955d7a377d40b4e77761b7a9017c8e1e0025b618be5eb49dde8834042c9
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext