General

  • Target

    5d1cb8ef0509dc00fb09516e19457658a5b731061808bb09205c7e17ec96f2cf

  • Size

    336KB

  • Sample

    220521-pk8yxsfed5

  • MD5

    8b9d1958765f8f734f17f8668b4b7291

  • SHA1

    4432bec1a7cfa5b0c987888f5c3c1adae6514a3a

  • SHA256

    5d1cb8ef0509dc00fb09516e19457658a5b731061808bb09205c7e17ec96f2cf

  • SHA512

    a323cca21e79fb647f6f22db97cf86bd089350c68227cdc03738709d3b07ad5848b77958fb00d53a0089beffe595a0955020d0803745288e1d6c39508ac39a0e

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

gfsgvbxcv.duckdns.org:8057

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DETALLE DE PAGO CONFIRMACION Y SOPORTE pdf img-75849859485948594308594308.exe

    • Size

      1.1MB

    • MD5

      cb261cc178d2739834dca967f0f190b7

    • SHA1

      ac6d43500739a513a302b7bb4703f42369bbfca9

    • SHA256

      54d46ffbefae7f6025765c0c274f7f87714e5467da8926967efb01025693bb8e

    • SHA512

      7fcf93c3f4f0219420c1304127d3036c05ed16c49fe66a24ad48eea2ec5bb7047a7beabe864908603822a86c5186e9d1b8a06546c11e75fc6c4ced57ea7af01d

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Modifies WinLogon for persistence

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Winlogon Helper DLL (T1004): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks