Overview

overview

10

Static

static

Tax Invoice.exe

windows7_x64

10

Tax Invoice.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5639a8c405d3ef3c0d64057e755a3a324ea6aed05909f09697dd60cf98e447b4

  • Size

    290KB

  • Sample

    220701-r47w3sacd7

  • MD5

    d97c46af73791e0be121e02c4ad22a8d

  • SHA1

    d5f48d38149c9292d9ffdf795125bd8dc69ade17

  • SHA256

    5639a8c405d3ef3c0d64057e755a3a324ea6aed05909f09697dd60cf98e447b4

  • SHA512

    cad3dc978fab00c0c1113386c996748b2b72470edd1b570be53566aefab644fe017da34df8fccd83613dbd8dcfd4a57603b3e666dd3632c3180b3e943762f1eb

Score
10/10
asyncratpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

soft.tjsosda.com:1989

sure.spdns.de:1989

hurricane.rapiddns.ru:1989
Mutex

admin2214

Attributes
  • delay

    5

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Tax Invoice.exe

    • Size

      239KB

    • MD5

      f3e095480b743b91e227a56dc90f961f

    • SHA1

      c173a87c984a20bf5e3751351e144a62de4ae269

    • SHA256

      762c259cf0068e583cc70d8839c65bb87401de2f926f8306c66d83e7d7cfda8e

    • SHA512

      d7fb57e80d720221aeb1674d7aa967e3c87b334f13c76c26e81d22cc0877d4921deffe37670093de83ebcbf488cdf654eadd12ce9cbd97517068621ec3a15de0

    Score
    10/10
    asyncratpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks