74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8

Target

Size

207KB

Sample

220521-xjtfvabhb9

Score

10 ^/10

MD5

55b4d3a324972f2aca755a6d6c181212

SHA1

213045b32c0817eb6a6f91635dc632bb25c0d048

SHA256

74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8

SHA512

195e86fa179d304ff6a7e0c380b6b893264c8b64e309f896e5900958278fd16ad75d3d1519c646d77225b2dd8ee0148e4e30c4cf8fc576591e0d09662efa9f09

Extracted

Family	asyncrat
Version	0.5.7B
Botnet	TOGETHER
Attributes	delay 3 install false install_folder %AppData% pastebin_config https://pastebin.com/raw/HKYwiN9V
aes.plain

Target

Doc#66202009475352576530141.pdf.exe

MD5

b54eea6b86a4ea7a743e1db549ea54f9

Filesize

414KB

Score

10^/10

SHA1

2291b8a0e39ca979d0373f98fd2ba8e86105da65

SHA256

9ff9a09c4e1ff0b737d630660b25335cded1fbe365628b5d6e59211e7d8ff53c

SHA512

d5a477a98e5d8939fbcd97d05585fcc6a8f6f8d5e9eb95bf1d220d2ff7fb89d34c8aa83b2708d54ce1b861feab79b39d7ad6ce25557a4e5c50df5173cac33e64

Signatures

AsyncRat
Description

AsyncRAT is designed to remotely monitor and control other computers.
Tags

rat asyncrat
Async RAT payload
Tags

rat
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Legitimate hosting services abused for malware hosting/C2
TTPs

Web Service
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Web Service

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

asyncrat together rat

10^/10

behavioral2

asyncrat together rat

10^/10

Extracted

Tags

Signatures

AsyncRat

Description

Tags

Async RAT payload

Tags

Checks computer location settings

Description

TTPs

Legitimate hosting services abused for malware hosting/C2

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2