General

  • Target

    CIRCULAR PROCESO REQUERIMIENTO BBVA #20012452 CODIGO DE VERIFICACION 8005241561ff1565465a4564164654da56416564564ca64165454a64616546ff8497919846548498498419_pdf.exe

  • Size

    1MB

  • Sample

    221003-kzc3ksfhc4

  • MD5

    bed6117693dadb458cf4686b87a7e753

  • SHA1

    b8f242faa45a641e2b1fa4237abb3d9f12e680b3

  • SHA256

    afaed2a9b59964e7fcf1bcfdf4f1dcb0ac299875c27c0e699277d5326340bdb3

  • SHA512

    b2370de67e8cc280de94b274fb3ed4fb960fe9ba45d5aa820adb1a806a0ee37a0d7ee1e1c8debd3f62c210197ffefec47e2640fcbe00fdac5d302dae2138b7a3

Malware Config

Targets

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Checks computer location settings

    Looks up the country code configured in the registry, likely a geofence check.

  • Adds Run key to start application

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation