9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a

General

Target: 9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a
Size: 173KB
Sample: 220521-xkyrysfcbj
Score: 10/10
MD5: 8638c62d1217deb422a24e9e952bba02
SHA1: cfc6ae58463e03da00c7d4c8fdeae33418381b16
SHA256: 9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a
SHA512: 2787d3d26c0dbb15e5d8897b8c146d798caf30c0c15ca949fc218a4dd765571d80d1d7c4e2e3b25d664532d642ac262dca3d9817544e3207dabc582a626c9cb2

Malware Config

Extracted

Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: freshg.ddns.net:2256

Attributes
delay: 3
install: true
install_file: logs.exe
install_folder: %AppData%
aes.plain
Targets

Target: New Purchase Order.exe
MD5: 072c089d4dbca02a4ae028d984f4cc03
Filesize: 287KB
Score: 10/10
SHA1: 3bd3b2dd8b8876c64bf528ee503c5ff2a893f897
SHA256: 4c66ebb40e5abd92b6a6985e8409116c5424ebb9af0c320cbafb031698e5022c
SHA512: 3f2988a4f256e1b4cb07af531798d7d3bd445f27a81aecf15f200cc8aa1c2fdaff591e9865965468d651a7d578808550dfba95d959d74eb7a1abd3c667af67ac

Signatures

  • AsyncRat
    Description: AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Executes dropped EXE

  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence check.
    TTPs: Query Registry, System Information Discovery

  • Loads dropped DLL

  • Suspicious use of SetThreadContext
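The extracted config above is enough to hunt for this build on other hosts: the install attributes say where the dropped copy lands and under what name, and the C2 entry gives the host and port it calls back to. The script below is an added example for this report page, not part of the sandbox output. It takes the config values exactly as listed under "Malware Config", expands %AppData% the way Windows does, and runs the resulting indicators over a handful of telemetry records. The user profile path, the record field names and the records themselves are constructed for the demonstration.

```python
"""Derive host-hunting checks from the AsyncRAT config extracted in this
report and run them over telemetry records.

Added example for this report page; not part of the sandbox output.
The config values are the ones shown under "Malware Config"; the profile
path, the telemetry field names and the sample records are constructed.
"""

# Copied from the "Malware Config" section of this report.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "c2": ["freshg.ddns.net:2256"],
    "delay": 3,
    "install": True,
    "install_file": "logs.exe",
    "install_folder": "%AppData%",
}


def expand_install_path(cfg, profile=r"C:\Users\victim"):
    """Expand the config's install location the way Windows would.

    %AppData% is the per-user roaming folder. The profile path is an
    assumption; the config only names the environment variable.
    """
    env = {
        "%appdata%": profile + r"\AppData\Roaming",
        "%localappdata%": profile + r"\AppData\Local",
        "%temp%": profile + r"\AppData\Local\Temp",
        "%userprofile%": profile,
    }
    folder = env.get(cfg["install_folder"].lower(), cfg["install_folder"])
    return folder + "\\" + cfg["install_file"]


def c2_endpoints(cfg):
    """Split each 'host:port' C2 string into a (host, port) pair."""
    out = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        out.append((host.lower(), int(port)))
    return out


def match_events(events, cfg, profile=r"C:\Users\victim"):
    """Return (event_index, reason) for every record matching the config.

    Path and hostname comparisons are case-insensitive, as on Windows.
    """
    install_path = expand_install_path(cfg, profile).lower()
    c2 = c2_endpoints(cfg)
    c2_hosts = {host for host, _ in c2}
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "file_create" and ev.get("target", "").lower() == install_path:
            hits.append((i, "dropped install file " + install_path))
        elif kind == "process_create" and ev.get("image", "").lower() == install_path:
            hits.append((i, "execution of install file " + install_path))
        elif kind == "dns_query" and ev.get("query", "").lower() in c2_hosts:
            hits.append((i, "DNS lookup of C2 host " + ev["query"].lower()))
        elif kind == "network_connect":
            host = ev.get("dest_host", "").lower()
            port = ev.get("dest_port")
            if (host, port) in c2:
                hits.append((i, "connection to configured C2 %s:%d" % (host, port)))
    return hits


# Constructed telemetry in the shape of Sysmon-style records; not taken
# from the sandbox run above.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\victim\Desktop\New Purchase Order.exe"},
    {"type": "file_create", "target": r"C:\Users\victim\AppData\Roaming\logs.exe"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Roaming\LOGS.EXE"},
    {"type": "dns_query", "query": "freshg.ddns.net"},
    {"type": "network_connect", "dest_host": "freshg.ddns.net", "dest_port": 2256},
    {"type": "network_connect", "dest_host": "update.example.com", "dest_port": 443},
    {"type": "process_create", "image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for idx, reason in match_events(SAMPLE_EVENTS, EXTRACTED_CONFIG):
        print(idx, reason)
```

The C2 hostname is the strongest pivot: it is a dynamic-DNS name, so the IP it resolves to can change between runs and hunting on resolved addresses alone will miss later callbacks. The install file name and folder are per-build choices, so other AsyncRAT builds will use different values; the delay attribute (seconds, in the AsyncRAT client) only means the installed copy starts shortly after the dropper, which the sample records above model as the file_create followed by the process_create.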

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10