General
-
Target
aitstatic.rar
-
Size
62KB
-
Sample
240713-ajcrrszbpa
-
MD5
34eab96072e8c3e51aec8b750a981103
-
SHA1
f89745ef4b1f5b6103d62c1ff6d312a9c2e8cb4d
-
SHA256
25d8056c1359d49a58ee002ee700f2258250ed896024446f6513a7ec1c078cbc
-
SHA512
635e0ce33982f8d6f0a39ecd711701d3cd0a6e2adf9ec43b90cde0fd005e6df2ef2ef1b20b94efceb7a922260ac06a2db1f623e9fbd2b0ac65776dd5bad2a539
-
SSDEEP
1536:yIBVw0rPUIAnSsQ1ub93a/iencU6S/mp+WOMDKw/P:1y2bO5QsVa6+cjMCLDF/P
Malware Config
Extracted
asyncrat
0.5.8
T
20.199.8.16:1726
31FGTEWnaxDE
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Targets
-
-
Target
aitstatic.exe
-
Size
91KB
-
MD5
e6c995a0e7501ec3225445715167d8dc
-
SHA1
79b02d623f87d34eb1c2377951f7175aca20d13b
-
SHA256
411fff49f678ead45849d655d50084f667bef58a12f298b86697f2cf0fedbef6
-
SHA512
617aac88b90264f0f8b3f5659f9c987291bd872f84289eec2d1e727275d54e973c4cee8f3e7b3c5089eeff620db7c728e061ef58f31606ecddffd81d37936868
-
SSDEEP
1536:hM5PfX2tIAHgjWwKVF+DF9J4IstZsEaLBosLNkkFD74ptKq6:hM1fm/gjWw8+DTJ4IstgL6uNkkFD74pe
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1