General

  • Target

    IMG-06-03-2023 SOPORTE DE PAGO.exe

  • Size

    1004KB

  • Sample

    230306-vmy5dsch5t

  • MD5

    78b82769e33e8b7fbe522a5f91aec971

  • SHA1

    342f969990164f29724d9649c5d6828589679df5

  • SHA256

    f21171b0e5d65b883415f0d998bd7f6be2ba09017ade19e1def13b6816168798

  • SHA512

    8f0903cf10f27a835a885beb6da5dc04438b001e53c1c2035a83188ce074715b877c5493bc2334e3d76be24d037a9900fa1a174b10fffd8d5ce2641a9bb592f5

  • SSDEEP

    12288:l6HhNEz9y3joQ+Bv+sZDmcGJefWytVjec9JX37o78J0AZOODDsL:l6EwTHXe9dfZhC

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

gsfdsfhghsff.duckdns.org:8020

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      IMG-06-03-2023 SOPORTE DE PAGO.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks