General

  • Target

    f630f5623fca093258f2d364792a06c8becdcf4b3778d4dcd57e2a4973a3d2bb

  • Size

    86KB

  • Sample

    231124-hw655sgd84

  • MD5

    c2f12ab3b72a2099d712492e2ae14899

  • SHA1

    b6389bdc2d78c23532758113d77fd1d230eb2988

  • SHA256

    f630f5623fca093258f2d364792a06c8becdcf4b3778d4dcd57e2a4973a3d2bb

  • SHA512

    b266f5f9066f4ef5325590b783a40cd46c817d8e37d1451603c06bce6c7aba5759b804bdd99e728caf4b569dd1bb7c7645769caef37fda490af21291cb66d4f2

  • SSDEEP

    1536:2gckaSgfKzM23HwgZmZD9vEAcBoyglOhDHj4n/eZCLs2qB6aQQbgtgCODX2wUG:2gcxSgCzWZJveDEn/Xq7bgtgCODX5

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    MicrosoftEdg

  • C2

    46.1.103.69:9371

  • Mutex

    MicrosoftEdg

  • Attributes

    • delay

      3

    • install

      false

    • install_file

      MicrosoftEdge

    • install_folder

      %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks