General

  • Target

    36b5e3120ffe3468078cb5aa1a55a9da.exe

  • Size

    502KB

  • Sample

    220705-qb3afsbda6

  • MD5

    36b5e3120ffe3468078cb5aa1a55a9da

  • SHA1

    ea449fdeb6b5dc01c4f9cf503d2c7a5b66d5cc60

  • SHA256

    d9837c768f392a3bb98836aedc39c89e1b0641f1b51949d744bfb1a128cb23aa

  • SHA512

    e7e730e6b74ee4c9eec154908c991c26a548bb35e31b0e8e3cabd2e7457470ec967903060ceb74ec2e3727a2db16c378b43cad9b27eabcafc5d4a3062de700a3

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

37.0.14.204:2022

37.0.14.204:2019

37.0.14.204:5631

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      36b5e3120ffe3468078cb5aa1a55a9da.exe

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    1 T1012

  • System Information Discovery

    2 T1082

Tasks