General

  • Target

    FedEx_Label_202218201.exe

  • Size

    28KB

  • Sample

    221001-jd4sqsffc4

  • MD5

    9fa348df801f0d2cebb02378b3546f6e

  • SHA1

    03a5c5344ad4c92366cb086ad78bb7f4fe4f7a17

  • SHA256

    d71cdeb52c0e74f3b4c96e4b5dbe70af00814283985036d62b43de0950d77b22

  • SHA512

    b48e919554920a4f441401b8f453a09eebf10fced670e1e35d01433a2edb990815894250cab3773104ca05064183be3779d4f6acac3040f5955a05a760476ae7

Malware Config

Targets

    • Target

      FedEx_Label_202218201.exe

    • Size

      28KB

    • MD5

      9fa348df801f0d2cebb02378b3546f6e

    • SHA1

      03a5c5344ad4c92366cb086ad78bb7f4fe4f7a17

    • SHA256

      d71cdeb52c0e74f3b4c96e4b5dbe70af00814283985036d62b43de0950d77b22

    • SHA512

      b48e919554920a4f441401b8f453a09eebf10fced670e1e35d01433a2edb990815894250cab3773104ca05064183be3779d4f6acac3040f5955a05a760476ae7

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation