General

  • Target

    a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

  • Size

    436KB

  • Sample

    220225-lvn5qafge5

  • MD5

    1795a964260c42f1891e4f8e64c9820d

  • SHA1

    de3db6e8b3862c64187f5b60f7979296c9cc43fc

  • SHA256

    7b3e0e43e179268d70bc17c99e476c72c58e18ef0f4a301e155574524ae4249a

  • SHA512

    74bd655cfffbc81b338ffa9e56a633d89af0e4fe7903024ed347dcb4e58af505369e69d57039bf2e170d0bd0b981c848adc43ab8258cc1764191495a4a7345cc

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

1

C2

212.193.30.54:8755

Mutex

gyQ12!.,=FD7trew

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain

Targets

    • Target

      a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

    • Size

      668KB

    • MD5

      1dfb8f4b408ad8a763e4655e90c07093

    • SHA1

      be332a245adcd81707dd3de6b60653e2f68a0256

    • SHA256

      a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979

    • SHA512

      a7af9a29cc5942ca67473f0f25f919bd22b6510b8f9738121dbac2f248dcfdbadc086097c120e00bba3df1fd08f7881d54fa3ec0a3775a0ab01219aa5991f9df

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks