General
Target: AssistSetup.exe
Size: 28MB
Sample: 230201-grnbsscb24
MD5: 51643b94c22b0d6a0aaa53dc15308f8d
SHA1: bf0830f651cd289a90a46d7dd5f9c24bae495fdb
SHA256: b083bc071898398980cc296335bfa73553bf87e2f0826ed01ad2f71e3f314f04
SHA512: 592e926fded2bdcadaffb65877e370c01adfff77f5ea99f626c765d439beb1050de395f3157da3252cb56bfa79f6926316593acfe7108f31a995ac335751380a
SSDEEP: 786432:NlEMdXj09/AYxfSqq/Z+r8FwH/+CEwWFsS/ZxeIH83Rs:NlEMdX5RquJycwW+IZcIYi
Static task: static1
Behavioral task: behavioral1
  Sample: AssistSetup.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: AssistSetup.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: AssistSetup.exe
Size: 28MB
MD5: 51643b94c22b0d6a0aaa53dc15308f8d
SHA1: bf0830f651cd289a90a46d7dd5f9c24bae495fdb
SHA256: b083bc071898398980cc296335bfa73553bf87e2f0826ed01ad2f71e3f314f04
SHA512: 592e926fded2bdcadaffb65877e370c01adfff77f5ea99f626c765d439beb1050de395f3157da3252cb56bfa79f6926316593acfe7108f31a995ac335751380a
SSDEEP: 786432:NlEMdXj09/AYxfSqq/Z+r8FwH/+CEwWFsS/ZxeIH83Rs:NlEMdX5RquJycwW+IZcIYi
Score: 10/10
CoreEntity .NET Packer
  CoreEntity is a .NET packer that embeds its payload as a Bitmap object, which is decrypted at runtime.
Async RAT payload
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
  Modify Registry (1)
Discovery
  Query Registry (5)
  System Information Discovery (5)
  Peripheral Device Discovery (2)
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
  Registry Run Keys / Startup Folder (1)
Privilege Escalation