General

  • Target

    URGENT PO# 4510225181 & 4510256792 V# 10089847 CAPE TOWN GENERAL TRADING.zip

  • Size

    723KB

  • Sample

    230308-tqs7waeb5s

  • MD5

    ab712a4192195f146528b9b81c954a31

  • SHA1

    f71becddee77146526939a8eec72ef83a1703eac

  • SHA256

    665cdb347fa978e2b776883fec9c4a4953dbfab76c092a16de44b52e3c0859a3

  • SHA512

    0d1ec8cafd22a6567e4cfaff7d84658639da2f516e6a25e58ba3263dd3fe8f9e750324c4c0ff378db667b63ec2659af8f16afb0d458342c56a52f7d74fdfee9e

  • SSDEEP

    12288:dgoXqOJmHF2imi9aK8lAITsvjC9bN8/IjjIqWbHjBgiRNnYHwR7PMPVH25IzmNkh:ysq+qF1bFEATvjQRnQlvRNYQRcLSeIMh

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

milanooffice.hopto.org:6606

milanooffice.hopto.org:7707

milanooffice.hopto.org:8808

milanooffice.hopto.org:4040

milanooffice.hopto.org:5058

milanooffice.hopto.org:80

51.68.180.4:6606

51.68.180.4:7707

51.68.180.4:8808

51.68.180.4:4040

51.68.180.4:5058

51.68.180.4:80

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    true

  • install_file

    adobe.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PO# 4510225181 & 4510256792 V# 10089847 CAPE TOWN GENERAL TRADING F Z E.exe

    • Size

      984KB

    • MD5

      8f3db89faf3271a6411c1ba85469809e

    • SHA1

      06165cfd91035e9624cc15dcc1c6598d186f2ba8

    • SHA256

      73bd75310c7d227be8a35416785e4fa58b79796bed6fdccee63c8a73628173dd

    • SHA512

      f54f14d9bececee8437fece0cee6a5589714a08476c803017e7de2bd05d7f86bf22a9e8756903ed0c1fad6bee118364427b950852ba1a4cde48796aa59980705

    • SSDEEP

      12288:IJEP78/2iNAKgleITsf5C9btwlIjjIgWh/lfgiNLnY5wVxPMFVt25+ZmlkIup7cc:kEP78/17AeTf5otnOxvNLYuVS58WIuZ

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks