General

  • Target

    tmp

  • Size

    1.7MB

  • Sample

    220927-zk1mnaffdk

  • MD5

    47d2d449ec519d7d24feafff8088735f

  • SHA1

    75fd74fffc8a9da0ef33dce2a616fd2424e41b86

  • SHA256

    1063141a71a9f3b788d4be37ff25d52cb29f7ec8105fbd8b90129073e78cd033

  • SHA512

    9fd8f13e6fc0ddf3cd69eb23f5fd9982b1f9f2f361b4b37de445bceea18860bdf8ca9ef546302d927b8ad749f48789ff51fe4797a69106a82921e275b5ada08b

  • SSDEEP

    24576:Bn1MHQ7hZjEnBmMYYsB3J0zNMESsm/r8REOuPOEkU1johR:1NZjEnBmMAJGNusYr8REOuP3kUZohR
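Before acting on this report, confirm that the file you actually retrieved is the same sample. The following is an added example, not part of the sandbox report: it streams a file once through MD5, SHA1, SHA256 and SHA512 and compares the results with the values listed above (the default path `tmp` is the report's target name and is an assumption about where the file sits). SSDEEP is not available in `hashlib`, so the fuzzy hash is left to a tool that implements it.

```python
"""Verify a retrieved sample against this report's hashes.

Added example, not part of the sandbox report. The file path used in
__main__ ("tmp", the report's target name) is an assumption.
"""
import hashlib
import io

# Values copied from the report's General section.
REPORT_HASHES = {
    "md5": "47d2d449ec519d7d24feafff8088735f",
    "sha1": "75fd74fffc8a9da0ef33dce2a616fd2424e41b86",
    "sha256": "1063141a71a9f3b788d4be37ff25d52cb29f7ec8105fbd8b90129073e78cd033",
    "sha512": "9fd8f13e6fc0ddf3cd69eb23f5fd9982b1f9f2f361b4b37de445bceea18860bd"
              "f8ca9ef546302d927b8ad749f48789ff51fe4797a69106a82921e275b5ada08b",
}
ALGOS = tuple(REPORT_HASHES)


def hash_stream(fh, chunk_size: int = 1 << 20) -> dict:
    """Feed one pass over a binary stream into every hasher at once.

    Large samples are read only once rather than once per algorithm.
    """
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Digests of an in-memory buffer (same code path as hash_file)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path) -> dict:
    """Digests of a file on disk."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def compare(computed: dict, expected: dict) -> dict:
    """Per-algorithm verdict; hex case is ignored, a missing digest counts as a mismatch."""
    return {algo: computed.get(algo, "").lower() == digest.lower()
            for algo, digest in expected.items()}


def verify_sample(path, expected: dict = REPORT_HASHES) -> bool:
    """True only when every hash the report lists matches the file."""
    return all(compare(hash_file(path), expected).values())


if __name__ == "__main__":
    import sys
    # "tmp" is the report's target name; that it sits in the current directory is an assumption.
    path = sys.argv[1] if len(sys.argv) > 1 else "tmp"
    for algo, ok in compare(hash_file(path), REPORT_HASHES).items():
        print(f"{algo:6s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if verify_sample(path) else 1)
```

Run it as `python verify.py /path/to/sample`; a non-zero exit means at least one digest differs, which usually means you have a different build of the loader rather than this exact file.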

Malware Config

Targets

    • AsyncRat

      AsyncRAT is an open-source remote access trojan designed to remotely monitor and control other computers.

    • Modifies WinLogon for persistence

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

      Commonly seen when a payload is injected into another process (process hollowing).
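The "Modifies WinLogon for persistence" signature points at the `Userinit` and `Shell` values under the Winlogon key, which Windows runs at every logon. One way to check a host for this, as an added example that is not part of the sandbox report: parse a `reg export` of the Winlogon key and flag any entry in those values whose executable is not the Windows default. The embedded `.reg` text is constructed, and the dropped-EXE path inside it is hypothetical; the report does not name the file the sample registered.

```python
"""Flag non-default Userinit/Shell entries in a Winlogon registry export.

Added example, not part of the sandbox report. SAMPLE_REG is a constructed
`reg export` and the AppData path in it is hypothetical.
"""
import re
from pathlib import PureWindowsPath

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Executables Windows itself puts in these values; anything else is worth a look.
EXPECTED = {
    "userinit": {"userinit.exe"},
    "shell": {"explorer.exe"},
}

# Constructed export. Userinit has a second, hypothetical entry appended after the default.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
"AutoRestartShell"=dword:00000001
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: data}}.

    Only REG_SZ ("...") data is decoded; other types (dword:, hex:) are kept raw.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, raw = _unescape(m.group(1)), m.group(2)
            if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
                raw = _unescape(raw[1:-1])
            keys[current][name] = raw
    return keys


def check_winlogon(keys: dict) -> list:
    """Return (value_name, entry) for every Userinit/Shell entry that is not a default executable."""
    by_key = {k.lower(): v for k, v in keys.items()}
    values = {n.lower(): d for n, d in by_key.get(WINLOGON_KEY.lower(), {}).items()}
    findings = []
    for name, allowed in EXPECTED.items():
        data = values.get(name)
        if data is None:
            continue  # value not present in this export
        # Both values are comma-separated lists; Userinit normally ends with a trailing comma.
        for entry in (e.strip() for e in data.split(",")):
            if not entry:
                continue
            exe = PureWindowsPath(entry.strip('"')).name.lower()
            if exe not in allowed:
                findings.append((name, entry))
    return findings


if __name__ == "__main__":
    for name, entry in check_winlogon(parse_reg_export(SAMPLE_REG)):
        print(f"suspicious Winlogon {name}: {entry}")
```

On a live host the export comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg`; an entry that names a default executable but resolves outside `C:\Windows\system32` is also worth checking, since the comparison above is on file name only.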

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Signatures  ID
  Persistence      Winlogon Helper DLL            1           T1004
  Defense Evasion  Modify Registry                1           T1112
  Discovery        Query Registry                 1           T1012
  Discovery        System Information Discovery   2           T1082

The IDs are ATT&CK v6 identifiers; in current ATT&CK, Winlogon Helper DLL is the sub-technique T1547.004.

Tasks