General

  • Target: F605416A4ABCE35B85CE6D88B370E7BEC3C012772A0EB.exe
  • Size: 70KB
  • Sample: 220929-zcgjtabhg3
  • MD5: 198a692570d1a3197a7b82d5010ff135
  • SHA1: 757965d8c9f119e87a224f0a8a55fc7cd9225f71
  • SHA256: f605416a4abce35b85ce6d88b370e7bec3c012772a0eb35c70e4f5aa0cdc9b3d
  • SHA512: 3572fac7eae731cc7499cd9baac1e98b092dd96237352807a659a3890f1a91338ee10a7d25668e98891c3e06d3b3c3354aba63a775100be5007c4584ea57c948

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.7A
  • Botnet: Default
  • C2


Attributes

  • delay: 1
  • install: false
  • install_folder: %AppData%
  • aes.plain

Targets

    • Target: F605416A4ABCE35B85CE6D88B370E7BEC3C012772A0EB.exe

    • AsyncRat: AsyncRAT is designed to remotely monitor and control other computers.
    • Async RAT payload
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation