General

  • Target

    office.exe

  • Size

    47KB

  • Sample

    230328-bdsrgaaa3y

  • MD5

    f46262d1f88bfd6a7d396bb6bded7569

  • SHA1

    73ce3ccb3e8a84fdd4e02cf6bcf74104776b44e9

  • SHA256

    6001c8b4745bd5318ee72783181b6b010e399634c5d6a1195012cf8bfe8b0e24

  • SHA512

    b6aa3196bc786fb28fa4e0bba6f678a16bbf58fb77fc0c5a0185ec5bf5d204e5a4f786329505ee14653aa67ebaf01720852260485f64d4d97d0415ac0e5b4ce1

  • SSDEEP

    768:uu4X9TskvpDWUPANxmo2qb7rMzERKPI6XFfKgWX0bDzqoy9IYqZ+SrdImSgFayB4:uu4X9TswI2JERz6XFfKgWEbnLye+SJId

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

gan

C2

office-bcr-host.duckdns.org:8080

Mutex

Mutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Office98.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks