Factura 0000000065.xll

General

Target: Factura 0000000065.xll
Size: 638KB
Sample: 220222-j1kndaedf6
Score: 10/10
MD5: a673f1b64b97384cdb86e148a94188e8
SHA1: 2f924ea70a3a8c7b3c5808af437cb895f90f588a
SHA256: 4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
SHA512: 0eaaf0d09a828b7289e75e3c92bfb70b5a168031b7670f6eb6c74a0104b448b58f9bb30a09295141e23d0ea60b4571d9f0b220b4e61c38fd81197fc31e254002
Malware Config

Extracted

Family: asyncrat
Version: 0.5.7B
Botnet: 1
C2: 212.193.30.54:8755

Attributes
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
aes.plain

Note that install is false: in AsyncRAT that flag gates the client's own copy-to-install_folder and persistence routine, so the Run key reported under Signatures below is more likely written by an earlier stage of this sample than by the RAT's install code. The aes.plain value was not captured on this page.
Targets

Target: Factura 0000000065.xll (638KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures

  • AsyncRat
    Description: AsyncRAT is designed to remotely monitor and control other computers.
  • Async RAT payload
  • Downloads MZ/PE file
  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials.
    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder (T1547.001); Modify Registry (T1112)
  • Suspicious use of SetThreadContext
    Calling SetThreadContext on another process's thread is a common step in process hollowing and other thread-hijacking injection.
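The report's own observables (the C2 socket and install folder from the extracted config, the file hashes, the Run key persistence and the dropped-EXE execution) translate directly into host-telemetry checks. The following is an added example, not code from the report or the sandbox vendor: a small hunting pass over Sysmon-style process, registry, file and network events. The event dicts and field names follow Sysmon's ProcessCreate/NetworkConnect/RegistryValueSet/FileCreate layout, the events themselves are constructed for illustration, the dropped-file name winupd.exe is made up, and the check that flags a child of EXCEL.EXE running from AppData assumes the .xll add-in executes inside Excel's process; none of those details come from the page.

```python
import re

# Indicators taken from the report; everything else here is constructed.
C2_HOST, C2_PORT = "212.193.30.54", 8755
SAMPLE_HASHES = {  # strongest first, so a multi-hash event reports SHA256
    "SHA256": "4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539",
    "SHA1": "2f924ea70a3a8c7b3c5808af437cb895f90f588a",
    "MD5": "a673f1b64b97384cdb86e148a94188e8",
}
# install_folder %AppData% expands to ...\AppData\Roaming on a default Windows profile.
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumption (not from the report): an .xll runs inside Excel, so a dropped EXE
# started by the add-in appears as a child of EXCEL.EXE.
OFFICE_HOST_RE = re.compile(r"\\EXCEL\.EXE$", re.I)


def parse_sysmon_hashes(field):
    """Turn a Sysmon 'Hashes' field ("SHA256=...,MD5=...") into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev):
    """Return the list of finding strings for one Sysmon-style event dict."""
    findings = []
    kind = ev.get("EventType")
    image = ev.get("Image", "")
    if kind == "NetworkConnect":
        # Match host AND port: the config gives a socket, not just an address.
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            findings.append(f"asyncrat_c2: {image} -> {C2_HOST}:{C2_PORT}")
    elif kind == "RegistryValueSet":
        target, details = ev.get("TargetObject", ""), ev.get("Details", "")
        if RUN_KEY_RE.search(target) and APPDATA_RE.search(details):
            findings.append(f"run_key_persistence: {target} = {details}")
    elif kind in ("ProcessCreate", "FileCreate"):
        subject = ev.get("TargetFilename", "") if kind == "FileCreate" else image
        seen = parse_sysmon_hashes(ev.get("Hashes", ""))
        for algo, value in SAMPLE_HASHES.items():
            if seen.get(algo) == value:
                findings.append(f"known_sample_{algo.lower()}: {subject}")
                break
        if kind == "ProcessCreate" and OFFICE_HOST_RE.search(ev.get("ParentImage", "")) \
                and APPDATA_RE.search(image):
            findings.append(f"office_child_in_appdata: {ev.get('ParentImage')} -> {image}")
    return findings


def hunt(events):
    """Run every check over a list of events; returns (event_index, finding) pairs."""
    return [(i, f) for i, ev in enumerate(events) for f in check_event(ev)]


# Constructed telemetry (not from the report) in the shape of Sysmon events 1, 3, 11 and 13.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
DROPPED = r"C:\Users\alice\AppData\Roaming\winupd.exe"  # made-up dropped-file name
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Image": EXCEL, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": '"EXCEL.EXE" "Factura 0000000065.xll"',
     "Hashes": "SHA256=" + "0" * 64},
    {"EventType": "ProcessCreate", "Image": DROPPED, "ParentImage": EXCEL,
     "CommandLine": DROPPED, "Hashes": "MD5=" + "f" * 32},
    {"EventType": "RegistryValueSet", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\winupd",
     "Details": DROPPED},
    {"EventType": "NetworkConnect", "Image": DROPPED,
     "DestinationIp": "212.193.30.54", "DestinationPort": "8755"},
    {"EventType": "NetworkConnect", "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "212.193.30.54", "DestinationPort": "443"},  # same host, other port: not flagged
    {"EventType": "FileCreate", "Image": EXCEL,
     "TargetFilename": r"C:\Users\alice\Downloads\Factura 0000000065.xll",
     "Hashes": "SHA256=" + SAMPLE_HASHES["SHA256"] + ",MD5=" + SAMPLE_HASHES["MD5"]},
]

if __name__ == "__main__":
    for idx, finding in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

The C2 check deliberately requires the port from the config as well as the address, so other traffic to the same host (a shared or rotated IP) is not mislabelled as this family; pivot on the address alone only when you have corroborating host findings like the Run key write or the known hash.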

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1
behavioral2
4/10 (task score as shown on the page; the task it belongs to is not indicated)