74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8

General

Target: 74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8
Size: 207KB
Sample: 220521-xjtfvabhb9
Score: 10/10
MD5: 55b4d3a324972f2aca755a6d6c181212
SHA1: 213045b32c0817eb6a6f91635dc632bb25c0d048
SHA256: 74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8
SHA512: 195e86fa179d304ff6a7e0c380b6b893264c8b64e309f896e5900958278fd16ad75d3d1519c646d77225b2dd8ee0148e4e30c4cf8fc576591e0d09662efa9f09

Malware Config

Extracted

Family: asyncrat
Version: 0.5.7B
Botnet: TOGETHER
Attributes:
  delay: 3
  install: false
  install_folder: %AppData%
  pastebin_config: https://pastebin.com/raw/HKYwiN9V
  aes.plain
Targets

Target: Doc#66202009475352576530141.pdf.exe
MD5: b54eea6b86a4ea7a743e1db549ea54f9
Filesize: 414KB
Score: 10/10
SHA1: 2291b8a0e39ca979d0373f98fd2ba8e86105da65
SHA256: 9ff9a09c4e1ff0b737d630660b25335cded1fbe365628b5d6e59211e7d8ff53c
SHA512: d5a477a98e5d8939fbcd97d05585fcc6a8f6f8d5e9eb95bf1d220d2ff7fb89d34c8aa83b2708d54ce1b861feab79b39d7ad6ce25557a4e5c50df5173cac33e64

Signatures

  • AsyncRat
    Description: AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Checks computer location settings
    Description: Looks up country code configured in the registry, likely geofence.
    TTPs: Query Registry, System Information Discovery

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10