General

  • Target

    REMIITANCE FOR ORDER.PDF.exe

  • Size

    464KB

  • Sample

    240126-nxbzaacgh7

  • MD5

    2879fdc1610f2dbd53042f8ce17cb2e3

  • SHA1

    49e9c2591e40654c24e33ca581673d8ce9d316aa

  • SHA256

    055df72340a95664035986e6d027055304abed82949af74bb5e230c841a8f8f5

  • SHA512

    33275894a3864fdddcd217296d423642eadc637feda10478d3d33fe96ceaa7a9b53d70047207070026cbd403f4c296add6b61dbf36de05835178c80492d4b3ef

  • SSDEEP

    6144:DLlHQGlvj00IX3O5fWAMl3A4aHuEzudl8PlslnHxpP6egHA7cH0bqjnJEeriH+fr:DLlHQGlvU0U3YCNxqhJn9riHzGBXcG7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

fresh01.ddns.net:2256

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Logs.exe

  • install_folder

    %AppData%

aes.plain

Targets

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Async RAT payload

  • Checks computer location settings

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks