General

  • Target

    b752bcdd244f25e8071857279133c80d1423594cf0b412d5a209bc80732b2616

  • Size

    452KB

  • Sample

    220521-pf91esadhr

  • MD5

    c0ccb2938e295e29a92d56043e3d9a24

  • SHA1

    c630ced6b9af1cf622b837acad0b1bfec3f4c8e0

  • SHA256

    b752bcdd244f25e8071857279133c80d1423594cf0b412d5a209bc80732b2616

  • SHA512

    5ea8943ec90fbd80191c6c68f277709a8b17f47a427593002931beed5b5ef1272d0862dff0a963f07de8fbfc5755eac53f5d8d2933e7904dcad8feda21173636

Malware Config

Targets

    • Target

      SingPost-6246721,pdf.exe

    • Size

      390KB

    • MD5

      9b5dbfba82dff9bf15da0cccb119daad

    • SHA1

      413830039c21e73e75955139af53b9c48e420d89

    • SHA256

      6b1d69a75a4b53cb49c6acece476246b2ee6f483664091cee8cd24bbd444c636

    • SHA512

      25fd2825d9a3fd38a3ff40c40e20b8568b6469eaa2f2cc6bb8bd57cac34bfe600cac5e3dd402f1252f71c26c4ca68e609d81f59eee5912812b1f3b0032cfd19e

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks