General

  • Target

    940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701

  • Size

    6KB

  • Sample

    231124-hp6wsshd6t

  • MD5

    a75b85a9502a6933aa0a9873ac3a6df0

  • SHA1

    b477e4eb9df62f6e3e80a6e3e54b4d2812c842ed

  • SHA256

    940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701

  • SHA512

    cdb238f48c60f92dc7896c7f5d6d4ea52499e918740c782092b59fbb96e0a1369ceb63be82c28c45683efae0480a94ee6369bbd10408907b24d15232e053bce7

  • SSDEEP

    96:779Gll3VI2BG3axVYVGrUqD73T8j/nziMTXud3ojMXrl:H9G/33BGuUqDTT8j/nugudF

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

MicrosoftEdg

C2

46.1.103.69:9371

Mutex

MicrosoftEdg

Attributes
  • delay

    3

  • install

    false

  • install_file

    MicrosoftEdge

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701

    • Size

      6KB

    • MD5

      a75b85a9502a6933aa0a9873ac3a6df0

    • SHA1

      b477e4eb9df62f6e3e80a6e3e54b4d2812c842ed

    • SHA256

      940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701

    • SHA512

      cdb238f48c60f92dc7896c7f5d6d4ea52499e918740c782092b59fbb96e0a1369ceb63be82c28c45683efae0480a94ee6369bbd10408907b24d15232e053bce7

    • SSDEEP

      96:779Gll3VI2BG3axVYVGrUqD73T8j/nziMTXud3ojMXrl:H9G/33BGuUqDTT8j/nugudF

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks