General

  • Target

    Faktura ref. # IRQ-21-07778.exe

  • Size

    697KB

  • Sample

    220125-khlndscbhp

  • MD5

    d2c4ad3484a598f0848a7947fc45175f

  • SHA1

    2c7807352b5ece76d1e0364acdcfce3bc2cd9b72

  • SHA256

    1b662d7015e25e2eba4e7b535732df5310c28ddd80797c260eebadfed1a1197d

  • SHA512

    366f15e329de3e504cc2a91e17129377b07815f19cd849e30d776eadac0ad3d57f5b8b5182bfc2bd80ba99839903f794649310c21f46c3447662d762b1288b5e

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Default

  • C2

    89.238.150.43:57095

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes

  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    true

  • install_file

    chromeex.exe

  • install_folder

    %Temp%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      Faktura ref. # IRQ-21-07778.exe

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task, T1053 (1)

  • Persistence: Scheduled Task, T1053 (1)

  • Privilege Escalation: Scheduled Task, T1053 (1)

  • Credential Access: Credentials in Files, T1081 (1)

  • Discovery: System Information Discovery, T1082 (1)

  • Collection: Data from Local System, T1005 (1)

Tasks