General

  • Target

    dfe55f766e02d90c2f1c1794ee9fe59d6cd3ddec6a36b03f16fcb9ee58fc8d06

  • Size

    7KB

  • Sample

    221206-hs9f4agg5t

  • MD5

    5d9fea16ab0d9224b54d72e2321bcaff

  • SHA1

    499d709c1cbc22caf4e5efda230fb4a158714ea4

  • SHA256

    dfe55f766e02d90c2f1c1794ee9fe59d6cd3ddec6a36b03f16fcb9ee58fc8d06

  • SHA512

    c685ad6526099d126a47528e5230924fdf0762d2b35a0ca73afc1851ec6b4cbb931c08fcd3e419348a10365b04bb44b5561e0f191e4b4793433fd64e118049b4

  • SSDEEP

    192:umI098QkFrDZBXvkHarSNtUqDpU4WWCmWeds:T9eb5kjNt/DgWCmW2s

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

DefenderSmartScren

C2

217.64.31.3:8437

Attributes
delay
3
install
false
install_file
SecurityHealtheurvice.exe
install_folder
%AppData%
aes.plain

Targets

    • Target

      dfe55f766e02d90c2f1c1794ee9fe59d6cd3ddec6a36b03f16fcb9ee58fc8d06

    • Size

      7KB

    • MD5

      5d9fea16ab0d9224b54d72e2321bcaff

    • SHA1

      499d709c1cbc22caf4e5efda230fb4a158714ea4

    • SHA256

      dfe55f766e02d90c2f1c1794ee9fe59d6cd3ddec6a36b03f16fcb9ee58fc8d06

    • SHA512

      c685ad6526099d126a47528e5230924fdf0762d2b35a0ca73afc1851ec6b4cbb931c08fcd3e419348a10365b04bb44b5561e0f191e4b4793433fd64e118049b4

    • SSDEEP

      192:umI098QkFrDZBXvkHarSNtUqDpU4WWCmWeds:T9eb5kjNt/DgWCmW2s

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks