General

  • Target

    ORDER-MTC04RFQGENZAK1220637501220524622023.ex.exe

  • Size

    970KB

  • Sample

    230306-pp14wacc52

  • MD5

    b1537fae210eb7c2f8a87515c7e8e1db

  • SHA1

    7180070c495e46021224f05ef236c28f3a45a2b6

  • SHA256

    ca0b1b8a0b420154b135f21acdc3612ad594ab31a56f0216979017514443c428

  • SHA512

    177b26201d2dd71cbd36c27d8f42c94da91ad35fe7304c83a9c811574ed66fe25cbbe3d51d87a5b3f119077da0767e21774f1521bbe582d5f4face5841368eef

  • SSDEEP

    24576:H1Qwe3cOQ5dKZzx+OebLOtavdOni2P+03bur:HBTgZzXeetav/e+Kbu

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

milanooffice.hopto.org:6606

milanooffice.hopto.org:7707

milanooffice.hopto.org:8808

milanooffice.hopto.org:4040

milanooffice.hopto.org:5058

milanooffice.hopto.org:80

51.68.180.4:6606

51.68.180.4:7707

51.68.180.4:8808

51.68.180.4:4040

51.68.180.4:5058

51.68.180.4:80

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    adobe.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ORDER-MTC04RFQGENZAK1220637501220524622023.ex.exe


    Score
    10/10
    • AsyncRat

      AsyncRAT is an open-source remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
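The extracted configuration and the behaviour signatures above map directly onto host and network telemetry. The script below is an added example, not part of the sandbox report or of AsyncRAT itself: it turns the config as printed above (C2 host:port pairs, mutex, install folder and file name, sample hashes) into matchable indicators and runs them over a handful of constructed endpoint events. The event shapes (`process_create`, `file_write`, `mutex`, `network` dictionaries) and the `%AppData%` expansion are assumptions made for the example, not the format of any particular EDR.

```python
import re
from typing import Dict, List, Tuple

# Extracted configuration and hashes, copied from the report above.
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "botnet": "Default",
    "c2": [
        "milanooffice.hopto.org:6606", "milanooffice.hopto.org:7707",
        "milanooffice.hopto.org:8808", "milanooffice.hopto.org:4040",
        "milanooffice.hopto.org:5058", "milanooffice.hopto.org:80",
        "51.68.180.4:6606", "51.68.180.4:7707", "51.68.180.4:8808",
        "51.68.180.4:4040", "51.68.180.4:5058", "51.68.180.4:80",
    ],
    # AsyncMutex_6SI8OkPnk and ports 6606/7707/8808 are AsyncRAT builder
    # defaults, so these two indicators will also hit other AsyncRAT builds.
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": True,
    "install_file": "adobe.exe",
    "install_folder": "%AppData%",
    "hashes": {
        "b1537fae210eb7c2f8a87515c7e8e1db",
        "7180070c495e46021224f05ef236c28f3a45a2b6",
        "ca0b1b8a0b420154b135f21acdc3612ad594ab31a56f0216979017514443c428",
    },
}

# Assumed expansions: %AppData% is C:\Users\<user>\AppData\Roaming on a
# default Windows profile; <user> is left open so one pattern covers all users.
ENV_PATTERNS = {
    "%appdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\roaming",
    "%localappdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\local",
    "%temp%": r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp",
}


def derive_iocs(config: Dict) -> Dict:
    """Turn an extracted AsyncRAT config into indicators that can be matched."""
    c2 = set()
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        c2.add((host.lower(), int(port)))
    folder = config["install_folder"].lower()
    folder_re = ENV_PATTERNS.get(folder, re.escape(folder))
    # Full path of the dropped copy: <expanded install_folder>\<install_file>
    install_re = re.compile(
        folder_re + r"\\" + re.escape(config["install_file"]) + r"$",
        re.IGNORECASE)
    return {
        "c2": c2,
        "hosts": {h for h, _ in c2},
        "mutex": config["mutex"],
        "install_re": install_re,
        "hashes": {h.lower() for h in config["hashes"]},
    }


def match_events(iocs: Dict, events: List[Dict]) -> List[Tuple[int, str]]:
    """Return (event index, reason) for every event that hits an indicator."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "network":
            pair = (ev["dst"].lower(), int(ev["port"]))
            if pair in iocs["c2"]:
                hits.append((i, f"C2 connection {pair[0]}:{pair[1]}"))
            elif pair[0] in iocs["hosts"]:
                # Same C2 host on a port the config did not list still matters.
                hits.append((i, f"C2 host {pair[0]} on unlisted port {pair[1]}"))
        elif kind == "mutex":
            if ev["name"] == iocs["mutex"]:
                hits.append((i, f"mutex {ev['name']}"))
        elif kind in ("file_write", "process_create"):
            if ev.get("sha256", "").lower() in iocs["hashes"]:
                hits.append((i, f"{kind} of known sample hash"))
            if iocs["install_re"].search(ev["path"]):
                hits.append((i, f"{kind} at install path {ev['path']}"))
    return hits


# Constructed telemetry for this example; not output from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "process_create", "sha256": "ca0b1b8a0b420154b135f21acdc3612ad594ab31a56f0216979017514443c428",
     "path": r"C:\Users\bob\Downloads\ORDER-MTC04RFQGENZAK1220637501220524622023.ex.exe"},
    {"type": "file_write", "path": r"C:\Users\bob\AppData\Roaming\adobe.exe"},
    {"type": "process_create", "sha256": "ca0b1b8a0b420154b135f21acdc3612ad594ab31a56f0216979017514443c428",
     "path": r"C:\Users\bob\AppData\Roaming\adobe.exe"},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"type": "network", "dst": "milanooffice.hopto.org", "port": 6606},
    {"type": "network", "dst": "51.68.180.4", "port": 9090},
    {"type": "network", "dst": "93.184.216.34", "port": 443},
    {"type": "file_write", "path": r"C:\Program Files\Adobe\adobe.exe"},
]


def run_sample() -> List[Tuple[int, str]]:
    return match_events(derive_iocs(ASYNCRAT_CONFIG), SAMPLE_EVENTS)


if __name__ == "__main__":
    for idx, reason in run_sample():
        print(f"event {idx}: {reason}")
```

The last two constructed events are deliberate misses: an unrelated TLS connection and an `adobe.exe` written under Program Files rather than the configured `%AppData%` drop location. The hash, mutex and install-path checks cover the "Executes dropped EXE" and persistence behaviour; the host-only match on the unlisted port is there because operators often change ports without moving the C2 host.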

MITRE ATT&CK Enterprise v6

Tasks