General

  • Target

    SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

  • Size

    216KB

  • Sample

    240809-twypjswgpb

  • MD5

    5dd4e2111931c62c4093aa49f4934b9a

  • SHA1

    077c3e7aecd3e796246bb9d8c6d8bebed575187a

  • SHA256

    256bf164fbfd8bf52c47f08c73492854601a8579b642d72f7b9facae1f7e1d35

  • SHA512

    5a205d6c4c11c41562bd127c3196645ae4ecdfbe551531cc250c2abd72952403e5846561e98142d51e38777c7f597817e44aca4cb9e1ac8607db1509cafd5435

  • SSDEEP

    3072:EOsA++eZfkeB3uppruBjYPS+ttfQfLgJVNfSSl9WBX7/X3UYdB8:5sA++eF0niB89azgzl9wLd

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

591_GreBe

C2

89.105.201.98:591

Mutex

NJ1234dfffddfddfdfKJHYGTGYHUJIKOuy7t6r5er6t7y98u0iH&GYFTRCVGBHU9u8y7T^R%DFTYG&UHJ(K)_

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      SecuriteInfo.com.Win32.DropperX-gen.709.18225.exe

    • Size

      216KB

    • MD5

      5dd4e2111931c62c4093aa49f4934b9a

    • SHA1

      077c3e7aecd3e796246bb9d8c6d8bebed575187a

    • SHA256

      256bf164fbfd8bf52c47f08c73492854601a8579b642d72f7b9facae1f7e1d35

    • SHA512

      5a205d6c4c11c41562bd127c3196645ae4ecdfbe551531cc250c2abd72952403e5846561e98142d51e38777c7f597817e44aca4cb9e1ac8607db1509cafd5435

    • SSDEEP

      3072:EOsA++eZfkeB3uppruBjYPS+ttfQfLgJVNfSSl9WBX7/X3UYdB8:5sA++eF0niB89azgzl9wLd

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks