General

  • Size: 141KB
  • Sample: 220805-h28wxshdbn
  • MD5: 2ed2a1d6604afeaa681f4c66dcd84194
  • SHA1: 6134d837220afe9377cd78950c8aca43dde08d8c
  • SHA256: 2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
  • SHA512: b6dc02f1974d0d90b171432156b85044ab67b51c00c9a6f2ce98562342dd2afb64ac36ae57e291d37da0db564c7191567183917971455969d9eb930c920e8979

Score
10/10

Malware Config

Extracted

  Family: asyncrat
  Version: 1.0.7
  Botnet: Default
  C2:
    techandro.giize.com:6906
    techandro.giize.com:6907
    hsolic.duckdns.org:6906
    hsolic.duckdns.org:6907

  Attributes
    delay: 1
    install: true
    install_file: sihost.exe
    install_folder: %AppData%
    aes.plain: (value not shown)
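The extracted config is enough to build hunting checks without touching the sample. The block below is an added example, not part of the sandbox report: it takes the C2 endpoints, install_file and install_folder from the config above, expands the expected drop path, flags a sihost.exe running from anywhere other than %SystemRoot%\System32 (the legitimate Shell Infrastructure Host lives there; the RAT borrows the name in %AppData%), and matches constructed DNS/connection/process log lines against the C2 hosts. The log format and the lines in SAMPLE_LOG are made up for the example; the assumption that the Windows directory is named "Windows" is noted in the code.

```python
"""Hunting helpers built from the AsyncRAT config extracted above.

Added example, not part of the sandbox report.  The C2 endpoints, install
folder and install file come from the report; the log format and the log
lines in SAMPLE_LOG are constructed for this example.
"""
import ntpath
import re

# Values copied from the report's Malware Config section.
C2_ENDPOINTS = {
    ("techandro.giize.com", 6906),
    ("techandro.giize.com", 6907),
    ("hsolic.duckdns.org", 6906),
    ("hsolic.duckdns.org", 6907),
}
C2_DOMAINS = sorted({host for host, _ in C2_ENDPOINTS})
INSTALL_FILE = "sihost.exe"        # install_file
INSTALL_FOLDER = "%AppData%"       # install_folder (the user's Roaming AppData)


def expected_drop_path(appdata):
    """Path the installer writes when install=true, for a concrete %AppData%."""
    return ntpath.join(appdata, INSTALL_FILE)


def is_masquerading_sihost(image_path):
    """True if a process named sihost.exe runs from outside %SystemRoot%\\System32.

    The real Shell Infrastructure Host lives in System32; AsyncRAT's
    install_file reuses the name in %AppData% so it blends into process lists.
    Assumption: the Windows directory is named 'Windows' (default install).
    """
    p = image_path.replace("/", "\\").lower()
    if ntpath.basename(p) != INSTALL_FILE:
        return False
    return not ntpath.dirname(p).endswith("\\windows\\system32")


def c2_hits(log_lines):
    """Return (line_no, host, port) for each reference to a configured C2 host.

    port is None when the host appears without a port (e.g. a DNS query);
    otherwise it is the port that followed the host in the log line, which the
    caller can compare against C2_ENDPOINTS.
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        for host in C2_DOMAINS:
            # Whole-token match: no match inside a longer hostname.
            pat = r"(?<![\w.-])" + re.escape(host) + r"(?::(\d{1,5}))?(?![\w.-])"
            for m in re.finditer(pat, low):
                port = int(m.group(1)) if m.group(1) else None
                hits.append((n, host, port))
    return hits


def process_hits(log_lines):
    """Line numbers whose image= path is a sihost.exe outside System32."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r"image=(\S+)", line)
        if m and is_masquerading_sihost(m.group(1)):
            hits.append(n)
    return hits


# Constructed log lines (not from the report) in a simple key=value format.
SAMPLE_LOG = [
    "2022-08-05T10:12:01Z dns query=techandro.giize.com type=A",
    "2022-08-05T10:12:02Z conn proto=tcp dst=techandro.giize.com:6906 state=SYN",
    "2022-08-05T10:12:02Z conn proto=tcp dst=hsolic.duckdns.org:6907 state=SYN",
    "2022-08-05T10:12:05Z conn proto=tcp dst=www.example.com:443 state=ESTABLISHED",
    "2022-08-05T10:12:06Z process image=C:\\Users\\victim\\AppData\\Roaming\\sihost.exe pid=4120",
    "2022-08-05T10:12:07Z process image=C:\\Windows\\System32\\sihost.exe pid=912",
]

if __name__ == "__main__":
    print("expected drop path:", expected_drop_path(r"C:\Users\victim\AppData\Roaming"))
    print("C2 references:", c2_hits(SAMPLE_LOG))
    print("masquerading sihost.exe on lines:", process_hits(SAMPLE_LOG))
```

Hunt on the hostnames rather than on whatever they resolved to during the run: duckdns.org is a free dynamic-DNS provider, and such names can be re-pointed at any time, so a resolved IP from one sandbox run is a weak indicator. The sihost.exe check is deliberately path-based; a hash match on the dropped file is stronger when the file is available, but the name-in-the-wrong-folder pattern survives a rebuild of the payload.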

Targets

    • Target: 2ed2a1d6604afeaa681f4c66dcd84194.exe
    • Size: 141KB
    • MD5: 2ed2a1d6604afeaa681f4c66dcd84194
    • SHA1: 6134d837220afe9377cd78950c8aca43dde08d8c
    • SHA256: 2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
    • SHA512: b6dc02f1974d0d90b171432156b85044ab67b51c00c9a6f2ce98562342dd2afb64ac36ae57e291d37da0db564c7191567183917971455969d9eb930c920e8979

    Score: 10/10

    • AsyncRat
      AsyncRAT is designed to remotely monitor and control other computers.
    • Async RAT payload
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL

MITRE ATT&CK Matrix

    Tactic columns only; no technique entries are present on the page: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.