General

  • Target

    tmp

  • Size

    641KB

  • Sample

    221003-m9xabadcb2

  • MD5

    cd67ba75d4806b402025205991a2c21a

  • SHA1

    b7da7ff58dd3a75dfcf1998798120cde3af9b50f

  • SHA256

    8e01aa31c94e31de086a742c522520282d8b7fb784bc1875e0c005debfa77a4a

  • SHA512

    94cc00ba428fb1befeb4c3480cfc5f6eb63ac2dbd83b9da701453196b3aab6c6d060363c8c2b01d3e7a6a85836992e705546231fe21e6af38d5ca4eaa8775fa8

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

195.133.18.181:8878

Attributes

  delay           1
  install         true
  install_file    ExacqVision.exe
  install_folder  %Temp%
  aes.plain
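The extracted configuration above is enough to write host and network detections without touching the sample again: the install path (install_folder + install_file), the C2 host:port and the file hashes are all concrete indicators. The following is an added example, not part of the sandbox report, that parses those attributes and runs them over a few constructed Sysmon-style events (process create, network connect, file create); the event layout, the user name "alice" and the per-user %Temp% location are assumptions made for the example.

```python
"""Turn the extracted AsyncRAT config into detection checks and run them
over constructed Sysmon-style event lines (added example, not report code)."""
import re

# Attribute lines as extracted in the report (c2 added from the C2 field).
EXTRACTED_CONFIG = """\
c2 195.133.18.181:8878
delay 1
install true
install_file ExacqVision.exe
install_folder %Temp%
"""
SAMPLE_SHA256 = "8e01aa31c94e31de086a742c522520282d8b7fb784bc1875e0c005debfa77a4a"

# Assumption: %Temp% resolves to the default per-user location on Windows.
TEMP_DIR_RE = r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp"

# Constructed Sysmon-style events (pipe-separated key=value); not from the report.
SAMPLE_EVENTS = [
    "EventID=11|Image=C:\\Users\\alice\\Downloads\\tmp.exe"
    "|TargetFilename=C:\\Users\\alice\\AppData\\Local\\Temp\\ExacqVision.exe",
    "EventID=1|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\ExacqVision.exe"
    "|Hashes=SHA256=" + SAMPLE_SHA256.upper(),
    "EventID=3|Image=C:\\Users\\alice\\AppData\\Local\\Temp\\ExacqVision.exe"
    "|DestinationIp=195.133.18.181|DestinationPort=8878",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationIp=93.184.216.34|DestinationPort=443",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe"
    "|Hashes=SHA256=" + "00" * 32,
]


def parse_config(text):
    """Parse the report's 'key value' attribute lines into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key.lower()] = value.strip()
    return cfg


def install_path_regex(cfg):
    """Regex for install_folder\\install_file; only %Temp% is expanded,
    every other character of the configured path is matched literally."""
    parts = re.split(r"%temp%", cfg["install_folder"], flags=re.I)
    folder = TEMP_DIR_RE.join(re.escape(p) for p in parts)
    return re.compile(r"^" + folder + r"\\" + re.escape(cfg["install_file"]) + r"$", re.I)


def parse_event(line):
    """Split 'k=v|k=v' into a dict; values may themselves contain '='."""
    return dict(field.partition("=")[::2] for field in line.split("|"))


def match_event(cfg, sample_sha256, line):
    """Return the names of the indicators this event hits (empty if none)."""
    ev = parse_event(line)
    c2_host, _, c2_port = cfg["c2"].rpartition(":")
    path_re = install_path_regex(cfg)
    hits = []
    # Sysmon 3: outbound connection to the configured C2 host and port.
    if (ev.get("EventID") == "3" and ev.get("DestinationIp") == c2_host
            and ev.get("DestinationPort") == c2_port):
        hits.append("c2_connection")
    # Sysmon 1: a process started from the resolved install path.
    if ev.get("EventID") == "1" and path_re.match(ev.get("Image", "")):
        hits.append("executed_from_install_path")
    # Sysmon 11: the install file written to the install folder.
    if ev.get("EventID") == "11" and path_re.match(ev.get("TargetFilename", "")):
        hits.append("install_file_dropped")
    # Any event carrying the sample's SHA256 (case-insensitive).
    if sample_sha256.lower() in ev.get("Hashes", "").lower():
        hits.append("known_sample_hash")
    return hits


def scan(lines, config_text=EXTRACTED_CONFIG, sample_sha256=SAMPLE_SHA256):
    """Map event index -> list of indicator hits, omitting clean events."""
    cfg = parse_config(config_text)
    results = {}
    for i, line in enumerate(lines):
        hits = match_event(cfg, sample_sha256, line)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(hits)}")
```

The hash check is the weakest of the four (a rebuilt payload changes it), while the install path and C2 checks survive trivial repacking as long as the operator keeps the same configuration, which is why the regex is derived from the config rather than hard-coded.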

Targets

    • Target

      tmp

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no techniques are populated in this section of the report.