General

  • Target

    HSBC USD 131.000_pdf.exe

  • Size

    551KB

  • Sample

    230526-r61wjsgd8w

  • MD5

    5d8880a5e3d68637a5c090e58b1d76d3

  • SHA1

    9c74c732bff3f79a47b3968cdbd19368c4ea7f7e

  • SHA256

    a242d05d9234c40a82be642ceb1c6e4ee4b5ff008ced528553f1cd104a6fd82c

  • SHA512

    2954107bc915dce0a01162d5c7e219140740b022011dca78d41550fc0672d3ab46f1accae5a514dd5d39bf8b9bda2de9b783295e46a6ab7e39128797941ba455

  • SSDEEP

    12288:17z5GoJiGaq5auJG1n+dFc294USODEXiX7Gwet7i+PH:x5GoR5akGodFX4UzVNg7tH

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

141.98.102.235:16296

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      HSBC USD 131.000_pdf.exe

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks