Overview

overview

10

Static

static

Pratka Eco...52.rtf

windows7_x64

10

Pratka Eco...52.rtf

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pratka Econt 5300133634052.doc

  • Size

    12KB

  • Sample

    220223-svrdeabhem

  • MD5

    b05bf67b8b2bf8f784d43aa9b51f5336

  • SHA1

    720e2c6b17b784db0a1424f998c5b9e698628dcf

  • SHA256

    1e2fdb811fe57821ee77f20c66996c8a52c64cd819326bf92f94976ed190d811

  • SHA512

    36c19b8c9e3dfcab7183caa20534e87333c4c1679eed225d28e7b78f52999c031be125a503dc589084ecd389e06d960c9d89284561f69335c642f8c2112e71d3

Score
10/10
asyncrat1persistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

212.193.30.54:8755

Mutex

gyQ12!.,=FD7trew

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      Pratka Econt 5300133634052.doc

    • Size

      12KB

    • MD5

      b05bf67b8b2bf8f784d43aa9b51f5336

    • SHA1

      720e2c6b17b784db0a1424f998c5b9e698628dcf

    • SHA256

      1e2fdb811fe57821ee77f20c66996c8a52c64cd819326bf92f94976ed190d811

    • SHA512

      36c19b8c9e3dfcab7183caa20534e87333c4c1679eed225d28e7b78f52999c031be125a503dc589084ecd389e06d960c9d89284561f69335c642f8c2112e71d3

    Score
    10/10
    asyncrat1persistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks