34694c57b7447b59d6bc6a2dba635fa320a4d4b1e550a36840fe1f2208b76d87

General

Target: 34694c57b7447b59d6bc6a2dba635fa320a4d4b1e550a36840fe1f2208b76d87
Size: 671KB
Sample: 220222-kp12naegf9
Score: 10/10
MD5: 3c39836dedf6779a0207819c72238fa5
SHA1: 07433edf63057fff1e96ddbf5249aa2c50f69dbd
SHA256: 34694c57b7447b59d6bc6a2dba635fa320a4d4b1e550a36840fe1f2208b76d87
SHA512: f8a6810abf551f01aae3a8d7c2e6a3421aac3f0312301a5e12a28bfe9490ae064f5c8dd846113cf755a3d9b8f22b80f92b27ec6e4590b04a1629662f472a7086

Malware Config

Extracted

Family: asyncrat
Version: 0.5.7B
Botnet: 1
C2: 212.193.30.54:8755

Attributes
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null

aes.plain

Targets

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

static1