General
Target: F605416A4ABCE35B85CE6D88B370E7BEC3C012772A0EB.exe
Size: 70KB
Sample: 220929-zcgjtabhg3
MD5: 198a692570d1a3197a7b82d5010ff135
SHA1: 757965d8c9f119e87a224f0a8a55fc7cd9225f71
SHA256: f605416a4abce35b85ce6d88b370e7bec3c012772a0eb35c70e4f5aa0cdc9b3d
SHA512: 3572fac7eae731cc7499cd9baac1e98b092dd96237352807a659a3890f1a91338ee10a7d25668e98891c3e06d3b3c3354aba63a775100be5007c4584ea57c948
SSDEEP: 1536:Okc5mbE6TWogwg5wy74WcMX662ho4zdSmhFNhHMUC:Okc5mbEYWog35T4SXEhzcA3hH7C
Static task: static1
Behavioral task: behavioral1
Sample: F605416A4ABCE35B85CE6D88B370E7BEC3C012772A0EB.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: F605416A4ABCE35B85CE6D88B370E7BEC3C012772A0EB.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7A
Botnet: Default
C2:
163.172.225.185:6606
163.172.225.185:7707
163.172.225.185:8808
163.172.225.185:551
163.172.225.185:677
163.172.225.185:441
163.172.225.185:661
163.172.225.185:412
delay: 1
install: false
install_folder: %AppData%
Targets
Target: F605416A4ABCE35B85CE6D88B370E7BEC3C012772A0EB.exe
Size: 70KB
Score: 10/10
Signatures:
- Async RAT payload
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Defense Evasion: Modify Registry (1)
Persistence: Registry Run Keys / Startup Folder (1)
Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation: no techniques recorded