General

  • Target

    SecuriteInfo.com.Win32.DropperX-gen.11831.8378.exe

  • Size

    577KB

  • Sample

    240809-twzlvawgpg

  • MD5

    b98dc1d3907a29896233f92a1f91cc15

  • SHA1

    daf5fa345ab29376c10ada6065f4e77526e8b531

  • SHA256

    20e9ad367dd61cf76d9aa1bd6993cf2c6a289b433d44fb445b0fb6d8a634fd03

  • SHA512

    a387a75cdb72537458e692e2339ed0840d7a4ffec390becd5175e142f10467c8e67c8c268b682b5c9d05facbdd1164c1d35875994b1b2398fca4578256bd6c90

  • SSDEEP

    3072:COsA++eZfkec3uppruBjYP2+t9deQ+rjnCvulC7/X3UcrBw5KPA:vsA++eFfniB853eQ+rTCvNxrCKP

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

591_GreBe

C2

89.105.201.98:591

Mutex

NJ1234dfffddfddfdfKJHYGTGYHUJIKOuy7t6r5er6t7y98u0iH&GYFTRCVGBHU9u8y7T^R%DFTYG&UHJ(K)_

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks