General

  • Target: Confirmation Transfer Copy MT102-Ref#000103020080012.zip
  • Size: 240KB
  • Sample: 211022-e7ch5abbc5
  • MD5: 589b954857ed822af65a382ffe5f2775
  • SHA1: d7256a7e11d81bd0e83e924ab1aafe6c6bf35637
  • SHA256: 8447bf7a7b8921bed0b70bc78a2e1bf0bd28fa9b86e642f1c90cc9314dd3dda4
  • SHA512: 4af5d6daec88ff5840bb3af47f997c8bebe608741c724d91926e22b6bc2ce107e2911a8efd9badff343f65837c0633f17cd12211896aaa65a9960bdd362cea16

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7B
  • Botnet: Default
  • C2:
      fresh01.ddns.net:2245
      fresh01.ddns.net:2256
      fresh01.ddns.net:2257
  • Mutex: AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm: false
  • bsod: false
  • delay: 3
  • install: false
  • install_folder: %AppData%
  • pastebin_config: null

aes.plain

Targets

    • Target: Confirmation Transfer Copy MT102-Ref#000103020080012.exe
    • Size: 375KB
    • MD5: bc34e2e3796119bf8190fdf325944cd8
    • SHA1: bc87dcca29160437422d7cc6672c17db7a900811
    • SHA256: b3fa257367bd24b0a7dadc55b2f34ef9e24d36ad362f27665dca4fdc0184de71
    • SHA512: ff5ed024b2e6332e55e4c75fd72412f658202a16015a6328fa98148e29c3d372888ab1fe4781439dc27539623753b6cc85a57cd78361a5fc198403aaf88651b0

    Score: 10/10

    Signatures
    • AsyncRat: AsyncRAT is designed to remotely monitor and control other computers.
    • Async RAT payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053
  • Persistence: Scheduled Task (1) T1053
  • Privilege Escalation: Scheduled Task (1) T1053
  • Discovery: System Information Discovery (1) T1082

Tasks