General

  • Target

    cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be

  • Size

    5KB

  • Sample

    231124-hp5nqsgc96

  • MD5

    3ed2b4079de8367146d73a4eabbb527b

  • SHA1

    59ae6a2c2c6fa1aa8c7bffc04e6123c5b301c038

  • SHA256

    cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be

  • SHA512

    f7a6e86c1a33e212c932a0a7f3f2674018ed8a48ccd24380ee2a199a0c9133971577d6c7cc93e1ea8294bc68657bbcb8342b8f103dc201a3d37602a8882d5a8d

  • SSDEEP

    96:s2cG794DCFyRr/nVIUqSGttZNtUq7GDpxSd3ojJirl:bcg94WFm/eUqS4LNtUq7QSdB

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Winlogon

C2

46.1.103.69:2341

Mutex

Winlogon

Attributes
  • delay

    3

  • install

    false

  • install_file

    Winlogon

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be

    • Size

      5KB

    • MD5

      3ed2b4079de8367146d73a4eabbb527b

    • SHA1

      59ae6a2c2c6fa1aa8c7bffc04e6123c5b301c038

    • SHA256

      cf7251cce700eca1370e65fb29f0e5e960a44ac77347ffcaa7daab45f693a8be

    • SHA512

      f7a6e86c1a33e212c932a0a7f3f2674018ed8a48ccd24380ee2a199a0c9133971577d6c7cc93e1ea8294bc68657bbcb8342b8f103dc201a3d37602a8882d5a8d

    • SSDEEP

      96:s2cG794DCFyRr/nVIUqSGttZNtUq7GDpxSd3ojJirl:bcg94WFm/eUqS4LNtUq7QSdB

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks