General

  • Target

    33dad047fbc03f81e8a9e63d99a7efe4

  • Size

    502KB

  • Sample

    220705-2d7thaffg2

  • MD5

    33dad047fbc03f81e8a9e63d99a7efe4

  • SHA1

    6f3ae296412b498835b5ab3e9318062f9c7d7f2f

  • SHA256

    4e75cb29be96283f4f05a840c4ed6ff23ed3ff24fcf32af2845a5b187261439d

  • SHA512

    9b6237231d97b8b3988c0831cf91c74f1c52f2741c319076200159a3bf5db13a4ba0e977c0c45c5df25b5608470c3d482fce36951ab29d4103b4c6441b98e4e6

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

10.14.204.30:2022

10.14.204.30:2019

10.14.204.30:5631

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      33dad047fbc03f81e8a9e63d99a7efe4

    • Size

      502KB

    • MD5

      33dad047fbc03f81e8a9e63d99a7efe4

    • SHA1

      6f3ae296412b498835b5ab3e9318062f9c7d7f2f

    • SHA256

      4e75cb29be96283f4f05a840c4ed6ff23ed3ff24fcf32af2845a5b187261439d

    • SHA512

      9b6237231d97b8b3988c0831cf91c74f1c52f2741c319076200159a3bf5db13a4ba0e977c0c45c5df25b5608470c3d482fce36951ab29d4103b4c6441b98e4e6

    Score
    10/10
    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic       Technique                       Count   ID
  Discovery    Query Registry                  1       T1012
  Discovery    System Information Discovery    2       T1082

Tasks