General

  • Target

    c4e10100c5cf7bec2d9d0a1d7203ddb2.bin

  • Size

    165KB

  • Sample

    240630-d8ybjstcnb

  • MD5

    3ce8ae82fa03e59a7e7bb00b7030a60c

  • SHA1

    fcc0c8b4297e86af7664f2514f255a3e4c01c7ad

  • SHA256

    901318e2eec82a66888f6cf60a8e6e49dfe2957c01fcf596df66861ac6bd1c07

  • SHA512

    3165bccb1ad6c4e04059bb83f2181b7f63493596569f8a88ef1491e46cf562f568c405b6a7d817066234dec7ef9ef5aef68a0a2e07bc04730833441cfef2d5f2

  • SSDEEP

    3072:06Jl6wZyuTb0ufhaLAejcm9bzl9jqh2TNKmKVmV1xHys5GFF31p9qSJIzvsPXygs:06Jl6wZyuTbkj5/NsmwcjSLqiIzvsvPs

Malware Config

Targets

    • Target

      fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe

    • Size

      405KB

    • MD5

      c4e10100c5cf7bec2d9d0a1d7203ddb2

    • SHA1

      24a6ecd52fb2165b8563a2853898316851638871

    • SHA256

      fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7

    • SHA512

      ff6bd9bdcb95641c5e19aeef99d9cdddb33b5b309ec358a1a50ba00d2cea9a3fa22a0239b4e09d4a8904d4b7f470bbc621d5e0d60331bc5800709d308faf3202

    • SSDEEP

      6144:0NYzj2jBoO33tq6qbXaYBc1g5aN9KBBBBBBByygHG/bZbYdNpmIU:eYzAq81g5aN+BoKD

    • AsyncRat

      AsyncRAT is a remote access tool written in C# that is designed to remotely monitor and control other computers.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks