General

  • Target

    SecuriteInfo.com.Win32.DropperX-gen.6349.exe

  • Size

    7KB

  • Sample

    221003-e7874agcc7

  • MD5

    d1860473f9a55ae6d09604dc559888a1

  • SHA1

    1da7d140c29e91e73ab7bdbb1e5373933d867ff3

  • SHA256

    60b9dfe94376364fa7c7d47ca49cfcdae1b54cfad864098c6cf260f5bf870992

  • SHA512

    6af5a6b85b045195e82e5c9d791d6b152fed93cdaf975c1dbc44af03298cd987ff61e630706419daa453e985c5b027d760f31e8240521cb3a6e6468120caceb5

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

fresh02.ddns.net:2245

Attributes
delay
3
install
true
install_file
logs.exe
install_folder
%AppData%
aes.plain

Targets

    • Target

      SecuriteInfo.com.Win32.DropperX-gen.6349.exe

    • Size

      7KB

    • MD5

      d1860473f9a55ae6d09604dc559888a1

    • SHA1

      1da7d140c29e91e73ab7bdbb1e5373933d867ff3

    • SHA256

      60b9dfe94376364fa7c7d47ca49cfcdae1b54cfad864098c6cf260f5bf870992

    • SHA512

      6af5a6b85b045195e82e5c9d791d6b152fed93cdaf975c1dbc44af03298cd987ff61e630706419daa453e985c5b027d760f31e8240521cb3a6e6468120caceb5

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation