General

  • Target

    2012-63-0x0000000000400000-0x000000000043A000-memory.dmp

  • Size

    232KB

  • Sample

    230306-ps6hrscc59

  • MD5

    fbea0510f3f60096195718467cd5ff1f

  • SHA1

    b7fe9dbcacdf9ab4e9409a28de10752b2d318d97

  • SHA256

    88c57fa2f0585d2ae8c851dfb9fb6212b6aa5cfae04cf2c3fdbf870029a8e1a1

  • SHA512

    0632572483ce32265713545f76835b6d64957d131241d94012cf8b90ce10b4a675248f0ccd3a7d2f9618ee43e926d97d79c4a5f3c3b75e029ea249d338df70ae

  • SSDEEP

    768:2uWq1T1hx/9WU9uloXmo2qzipt0vTPTCvx8PIWvjbOgX3iJsxQQaH07qlUCAhTbd:2uWq1T1PsC2N20BWbbxXSOx2qqWV+Gd

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

milanooffice.hopto.org:6606

milanooffice.hopto.org:7707

milanooffice.hopto.org:8808

milanooffice.hopto.org:4040

milanooffice.hopto.org:5058

milanooffice.hopto.org:80

51.68.180.4:6606

51.68.180.4:7707

51.68.180.4:8808

51.68.180.4:4040

51.68.180.4:5058

51.68.180.4:80

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    adobe.exe

  • install_folder

    %AppData%

aes.plain
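The extracted configuration above is directly usable as a detection artefact: the RAT will resolve the dynamic-DNS name, connect to one of the listed host:port pairs, drop itself as adobe.exe under %AppData%, and create the named mutex. The following script is an added example, not part of the sandbox report or the AsyncRAT project, that turns those fields into matching rules and runs them over a handful of constructed telemetry events (DNS, network connection, file creation, mutex creation). The %AppData% expansion path and the event field names are assumptions. Two caveats a practitioner should keep in mind: 6606/7707/8808 and AsyncMutex_6SI8OkPnk are AsyncRAT builder defaults, so they identify the family rather than this specific operator, and port 80 on its own is noise, so the port list is only ever matched together with the C2 IP.

```python
"""IOC matching built from the extracted AsyncRAT config in this report.
Added example code; the telemetry records are constructed, not sandbox output."""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Values copied from the extracted config above.
C2_HOSTS = {"milanooffice.hopto.org"}
C2_IPS = {"51.68.180.4"}
C2_PORTS = {6606, 7707, 8808, 4040, 5058, 80}
MUTEX = "AsyncMutex_6SI8OkPnk"          # AsyncRAT default mutex, family-level IOC
INSTALL_FILE = "adobe.exe"
INSTALL_FOLDER = "%AppData%"


@dataclass
class Hit:
    index: int
    reason: str


def expected_install_path(appdata: str = r"C:\Users\victim\AppData\Roaming") -> str:
    """Expand %AppData% (assumed default Roaming path) to the dropper location."""
    return ntpath.join(INSTALL_FOLDER.replace("%AppData%", appdata), INSTALL_FILE)


def match_event(event: dict) -> Optional[str]:
    """Return a reason string if a single telemetry event matches the config."""
    kind = event.get("type")
    if kind == "dns":
        query = event.get("query", "").rstrip(".").lower()
        if query in C2_HOSTS:
            return f"DNS query for C2 host {query}"
    elif kind == "netconn":
        ip, port = event.get("dst_ip"), int(event.get("dst_port", 0))
        if ip in C2_IPS and port in C2_PORTS:
            return f"connection to configured C2 {ip}:{port}"
        if ip in C2_IPS:
            # The IP alone is still worth flagging; the operator can change ports.
            return f"connection to C2 IP {ip} on unlisted port {port}"
    elif kind == "file_create":
        path = event.get("path", "")
        # Require both the install_file name and an AppData location, so a
        # legitimate adobe.exe under Program Files does not fire.
        if ntpath.basename(path).lower() == INSTALL_FILE and "appdata" in path.lower():
            return f"dropper written to {path}"
    elif kind == "mutex":
        if event.get("name") == MUTEX:
            return f"AsyncRAT default mutex {MUTEX} created"
    return None


def match_events(events: List[dict]) -> List[Hit]:
    """Run every event through match_event and collect the hits with their index."""
    hits = []
    for i, event in enumerate(events):
        reason = match_event(event)
        if reason:
            hits.append(Hit(i, reason))
    return hits


# Constructed sample telemetry; the hostnames, paths and the 8.8.8.8 entry
# are illustrative only.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "dns", "query": "milanooffice.hopto.org."},
    {"type": "netconn", "dst_ip": "51.68.180.4", "dst_port": "6606"},
    {"type": "netconn", "dst_ip": "51.68.180.4", "dst_port": "443"},
    {"type": "netconn", "dst_ip": "8.8.8.8", "dst_port": "80"},
    {"type": "file_create", "path": r"C:\Users\victim\AppData\Roaming\adobe.exe"},
    {"type": "file_create", "path": r"C:\Program Files\Adobe\adobe.exe"},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(f"event {hit.index}: {hit.reason}")
```

Because milanooffice.hopto.org is a dynamic-DNS name, the resolved address can change after the sandbox run; matching on the hostname in DNS logs is the more durable of the two network indicators, and the IP should be re-resolved before it is pushed to a blocklist.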

Targets

    • Target

      2012-63-0x0000000000400000-0x000000000043A000-memory.dmp

    • Size

      232KB

    • MD5

      fbea0510f3f60096195718467cd5ff1f

    • SHA1

      b7fe9dbcacdf9ab4e9409a28de10752b2d318d97

    • SHA256

      88c57fa2f0585d2ae8c851dfb9fb6212b6aa5cfae04cf2c3fdbf870029a8e1a1

    • SHA512

      0632572483ce32265713545f76835b6d64957d131241d94012cf8b90ce10b4a675248f0ccd3a7d2f9618ee43e926d97d79c4a5f3c3b75e029ea249d338df70ae

    • SSDEEP

      768:2uWq1T1hx/9WU9uloXmo2qzipt0vTPTCvx8PIWvjbOgX3iJsxQQaH07qlUCAhTbd:2uWq1T1PsC2N20BWbbxXSOx2qqWV+Gd

    Score
    1/10
