Overview

overview

10

Static

static

CORRECT IN...09.exe

windows7-x64

10

CORRECT IN...09.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CORRECT INVOICE#202209.exe

  • Size

    894KB

  • Sample

    220921-hw3sqaffe4

  • MD5

    c4459a3e0613837be0c1c55cefb37c59

  • SHA1

    46cf99db96041a1617fea771eb648ed801de7e1b

  • SHA256

    ed63484bf6e586590ef3cd03db258a28144f70dd1322c1cc5e08cc52654a1838

  • SHA512

    c596a32983ed238a25802ead405d8f396adb0b1cbf520c61d655b8d19917970f9ae118ab2e6cd100b5eba0e33d32bbd527914034c7963ba3bc49dcc26699e4f6

  • SSDEEP

    12288:E05aL148SMvCT7F01+CQ98LEzSioXHFQLkenL+xqEZW:p8lCHUQUEz9jnLoV

Score
10/10
asyncratrat

Malware Config

Targets

    • Target

      CORRECT INVOICE#202209.exe

    • Size

      894KB

    • MD5

      c4459a3e0613837be0c1c55cefb37c59

    • SHA1

      46cf99db96041a1617fea771eb648ed801de7e1b

    • SHA256

      ed63484bf6e586590ef3cd03db258a28144f70dd1322c1cc5e08cc52654a1838

    • SHA512

      c596a32983ed238a25802ead405d8f396adb0b1cbf520c61d655b8d19917970f9ae118ab2e6cd100b5eba0e33d32bbd527914034c7963ba3bc49dcc26699e4f6

    • SSDEEP

      12288:E05aL148SMvCT7F01+CQ98LEzSioXHFQLkenL+xqEZW:p8lCHUQUEz9jnLoV

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks