General

  • Target

    CASH OFFER AND PROOF OF FUNDS.exe

  • Size

    78KB

  • Sample

    230503-nkc1tagd4t

  • MD5

    9a40168e711a0bd875ee4c912c0357a0

  • SHA1

    96505a9fd271da437eff5c191fbfbc3572e5bdb4

  • SHA256

    be7c5be95e0d3f3c841b3dace8eb4c46acb9e42970324ee976a41ec210ae9f86

  • SHA512

    ca35e6c155044aa35b4194605b7ca2341b0c15f9e37228d46a99198d08cb3442d9d6c2d51d6a2c60490b68a9d7752e96a6dc75e5c28981d682602af0f74b6f8d

  • SSDEEP

    1536:guvph1oILHFw7Dunm48VoDYednpbM/9oI6eYnw7TPxdF8o75F943hh:jvph1oILHOXut8O86S9oRe8wfxvXX4

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

191.101.130.28:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Downloads MZ/PE file

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks