General
Target: 3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f
Size: 49MB
Sample: 221220-rw77wadb4w
MD5: 29dbcafd5b93edc917ec738221a4d62d
SHA1: 5ef0337f89afaa36072a5bd9a670fdf7c9b7535a
SHA256: 3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f
SHA512: 800c0efd66509a8fa0816c47f061faf6b01a23b673d98495d2a5412d500feda502f9d7fdfb63a8a05948032fed1b9b63744db9cc0db6c78a1aa97840fca0ed76
SSDEEP: 1572864:lJFzuWZZPyH0G/bJafhqikT1M2cgY/Dx2F91jn:lPrZZPyH0mQgikT11cgY/DxG7
Static task: static1
Behavioral task: behavioral1
Sample: 3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 3a8c396709d693d9a6056b74722088ceb5881b93765df71f7124b1756bb7e72f (size and hashes identical to the General section above)
Score: 10/10
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation