General

  • Target

    462342db316acd9578f80e1b80471237fecc9479d2d70f7f413b1b47cd302400

  • Size

    1018KB

  • Sample

    220929-fze5qahhb6

  • MD5

    f58357e2f32909d85790128c9f6d08c0

  • SHA1

    b75dea10a3f9ebcce95c2dbf9d20a98fe3c5bd78

  • SHA256

    462342db316acd9578f80e1b80471237fecc9479d2d70f7f413b1b47cd302400

  • SHA512

    52aec13d3af40f0396a31ed278f3d243bf3eb6bebaac425bd8cc050cf399e47eb1e6ec851eb024c56d4ccc1d76d958aa2ba87ec94e2a7e72c9bf6484cdf949d8

  • SSDEEP

    12288:ithx+HhW51Ur3EUfGTLX+fw0aSdpjRAvqYzlJLO/xbf:aD4h/jtfw0PmzlJLO/hf

Malware Config

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Modifies WinLogon for persistence

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Winlogon Helper DLL (T1004): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks