General

  • Target

    24629f46db685706bb7b29e1a34892c4.exe

  • Size

    82KB

  • Sample

    220930-a87y7sdbep

  • MD5

    24629f46db685706bb7b29e1a34892c4

  • SHA1

    27943a8694e714b4d1c0a2ce13613ca3597fc629

  • SHA256

    db91a1f06b3434c3f86c3df429e05e39d988bc929f9c7762c4f3215a2d56fe5a

  • SHA512

    8da06698eabaa7f043737374bc560e9aaf59688900bb1763661ac16dfb54b9602227bd5a4796c97837c27dda4ded3c48bb7b7ed3d6cce703b573c4c892e08a31

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Windows Sheel Host

C2

20.111.19.215:3152

Attributes
delay
3
install
false
install_file
Windows Sheel Host.exe
install_folder
%AppData%
aes.plain

Targets

    • Target

      24629f46db685706bb7b29e1a34892c4.exe

    • Size

      82KB

    • MD5

      24629f46db685706bb7b29e1a34892c4

    • SHA1

      27943a8694e714b4d1c0a2ce13613ca3597fc629

    • SHA256

      db91a1f06b3434c3f86c3df429e05e39d988bc929f9c7762c4f3215a2d56fe5a

    • SHA512

      8da06698eabaa7f043737374bc560e9aaf59688900bb1763661ac16dfb54b9602227bd5a4796c97837c27dda4ded3c48bb7b7ed3d6cce703b573c4c892e08a31

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Privilege Escalation