General

  • Target

    PO# 4510225181 & 4510256792 V# 10089847 CAPE TOWN GENERAL TRADING F Z E.exe

  • Size

    984KB

  • Sample

    230308-tmx2nacc9v

  • MD5

    8f3db89faf3271a6411c1ba85469809e

  • SHA1

    06165cfd91035e9624cc15dcc1c6598d186f2ba8

  • SHA256

    73bd75310c7d227be8a35416785e4fa58b79796bed6fdccee63c8a73628173dd

  • SHA512

    f54f14d9bececee8437fece0cee6a5589714a08476c803017e7de2bd05d7f86bf22a9e8756903ed0c1fad6bee118364427b950852ba1a4cde48796aa59980705

  • SSDEEP

    12288:IJEP78/2iNAKgleITsf5C9btwlIjjIgWh/lfgiNLnY5wVxPMFVt25+ZmlkIup7cc:kEP78/17AeTf5otnOxvNLYuVS58WIuZ

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

milanooffice.hopto.org:6606

milanooffice.hopto.org:7707

milanooffice.hopto.org:8808

milanooffice.hopto.org:4040

milanooffice.hopto.org:5058

milanooffice.hopto.org:80

51.68.180.4:6606

51.68.180.4:7707

51.68.180.4:8808

51.68.180.4:4040

51.68.180.4:5058

51.68.180.4:80

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    true

  • install_file

    adobe.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PO# 4510225181 & 4510256792 V# 10089847 CAPE TOWN GENERAL TRADING F Z E.exe

    • Size

      984KB

    • MD5

      8f3db89faf3271a6411c1ba85469809e

    • SHA1

      06165cfd91035e9624cc15dcc1c6598d186f2ba8

    • SHA256

      73bd75310c7d227be8a35416785e4fa58b79796bed6fdccee63c8a73628173dd

    • SHA512

      f54f14d9bececee8437fece0cee6a5589714a08476c803017e7de2bd05d7f86bf22a9e8756903ed0c1fad6bee118364427b950852ba1a4cde48796aa59980705

    • SSDEEP

      12288:IJEP78/2iNAKgleITsf5C9btwlIjjIgWh/lfgiNLnY5wVxPMFVt25+ZmlkIup7cc:kEP78/17AeTf5otnOxvNLYuVS58WIuZ

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks