General

  • Target

    a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

  • Size

    668KB

  • Sample

    220224-j454gsdfdm

  • MD5

    1dfb8f4b408ad8a763e4655e90c07093

  • SHA1

    be332a245adcd81707dd3de6b60653e2f68a0256

  • SHA256

    a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

  • SHA512

    a7af9a29cc5942ca67473f0f25f919bd22b6510b8f9738121dbac2f248dcfdbadc086097c120e00bba3df1fd08f7881d54fa3ec0a3775a0ab01219aa5991f9df

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

212.193.30.54:8755

Mutex

gyQ12!.,=FD7trew

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

    • Size

      668KB

    • MD5

      1dfb8f4b408ad8a763e4655e90c07093

    • SHA1

      be332a245adcd81707dd3de6b60653e2f68a0256

    • SHA256

      a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

    • SHA512

      a7af9a29cc5942ca67473f0f25f919bd22b6510b8f9738121dbac2f248dcfdbadc086097c120e00bba3df1fd08f7881d54fa3ec0a3775a0ab01219aa5991f9df

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks