General

  • Target

    Office_Macro_Downloader.zip

  • Size

    16.1MB

  • Sample

    230826-mhbjjabc6z

  • MD5

    93ca580ceebaceb3925547a810aa1c31

  • SHA1

    4156a523f0dc99949d10d61f35743b654c539e0c

  • SHA256

    231f7db79384197640d2d7658cfce15df3890e2b2d409b25fb1b679efaf9b3ab

  • SHA512

    e6c7fda2447f6862c74544704cb08748b8972e001ddbceb9180f04d4ee9cca9fefdb34eb5a1d945cd1e9f522d8e94fc38e2ddba8c1353ae2e39107f1acbd9afc

  • SSDEEP

    393216:mMJ8KEA10Mrn7k5BFdVRn6KvqlykpsN7s0zeSZPnX:mMFh1jrY7n6KTWW7sVSZPX

Malware Config

Extracted

  • Family

    asyncrat

  • Botnet

    Default

  • C2

    127.0.0.1:6606
    127.0.0.1:7707
    127.0.0.1:8808

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      Office Macro Downloader.exe

    • Size

      16.7MB

    • MD5

      dbeb46925e09a9db301826aede2a7492

    • SHA1

      4ecd45dde880ae009e74012c9542b86b44628392

    • SHA256

      f437550edd59b217bf948b3f38aa359712741be41e3c295f6956bb9d5cc363a0

    • SHA512

      c428443dbd5d19f909712cb2857f35fd57fdb4bbdad579548abc211883f785827e18b865529772a04704a9a2ec26c971ee480764c6ecb78e3860a427a9bc9075

    • SSDEEP

      393216:2vgYJFL8meCfC2HZtSrZ/T1nr88bMtW8xydTeQJQcFXu:2vVJFP1fRHeHr88duoTejcFXu

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks