General

  • Target

    Information About Current Social Security Benefits Your Statement Benefit ID#260_XXX_A0008731.JS.js

  • Size

    31KB

  • Sample

    230508-qdr79sce7w

  • MD5

    2a634644d7c354641e8669dc224efa6e

  • SHA1

    f3846d63fcf5dfbaaa61351c23fa352f44a07ac6

  • SHA256

    a779a194e7901ef59d91eef611fb4973560b399dfe4df6b6e64f07fd254d271a

  • SHA512

    18ba9370cf1f336afacc13cdd8129236b45ffd16f8b3d017602b9130291a89f9cdb9ccb60394cbb668b12f4ec9dfb33f1b8a917efc3baaed30b113852a9c5936

  • SSDEEP

    768:sggggggggggg8ggggggggggg5GgggggggggggygggggggggggzDgggggggggggkb:sggggggggggg8gggggggggggoggggggk

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

194.87.151.125:7399

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
