General

  • Target

    a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a

  • Size

    86KB

  • Sample

    231124-hp5zhagc97

  • MD5

    895e159d009d2f5f77e0411ec55e5d1c

  • SHA1

    6531925d61dd4188685b642bf5be98ba50702b29

  • SHA256

    a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a

  • SHA512

    375a30894de4f3ab9cce4345a143064e9291956bde3fcef2e5f8024f5a7b2a9815a04f972ba2987f18d74d1abed48c1d073fe2b301d494c218fde761b5388c47

  • SSDEEP

    1536:FyJxJgYSiBgCnp5m3pEn2jCq/2K4FBLdqPeuyBZS/n4bHGbgyH8uK2t5QK2jr:FKgTiBD5mCQB/+RBZSNbgyHVK2t5QKQ

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Winlogon

C2

46.1.103.69:2341

Mutex

Winlogon

Attributes
  • delay

    3

  • install

    false

  • install_file

    Winlogon

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a

    • Size

      86KB

    • MD5

      895e159d009d2f5f77e0411ec55e5d1c

    • SHA1

      6531925d61dd4188685b642bf5be98ba50702b29

    • SHA256

      a3c85ae937fa498fc73db79b951072565bbd13871e121ea54cbcd6a5b5ca962a

    • SHA512

      375a30894de4f3ab9cce4345a143064e9291956bde3fcef2e5f8024f5a7b2a9815a04f972ba2987f18d74d1abed48c1d073fe2b301d494c218fde761b5388c47

    • SSDEEP

      1536:FyJxJgYSiBgCnp5m3pEn2jCq/2K4FBLdqPeuyBZS/n4bHGbgyH8uK2t5QK2jr:FKgTiBD5mCQB/+RBZSNbgyHVK2t5QKQ

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks