General

  • Target

    63b427f3875eaf7475491877a49f71c5.zip

  • Size

    185KB

  • Sample

    240821-n8dl9axdqa

  • MD5

    abc1920cfba1af10e7f54affe065e74d

  • SHA1

    4a7705c98cba13a518d72db0792768ba33b59df5

  • SHA256

    fe0f54c271c3e45ca11e05b597de2cdfa6c1bc85589233c3e21b14bb7424f290

  • SHA512

    3d80d7ab3d4f5f93b25889ca37e9ea63ef671fe96ef209187b8a3982da153b838e502091b9752c44d09d2c3c7510850ed03db50b0d4e42ed5a7381c0381d944e

  • SSDEEP

    3072:diE2chk+fDRhOvHiB5DCb1ptrx5y8nmELgd4viIeb/ixw5ua4avWviyyRTAcCt:diqhiQAZpw8Qb/ixKb4CyyREcCt

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

157.20.182.172:3232

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1.mal_

    • Size

      331KB

    • MD5

      63b427f3875eaf7475491877a49f71c5

    • SHA1

      8d6a1d3ce30eec4284cc3303fdf12a22a12f2a82

    • SHA256

      600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1

    • SHA512

      c9ee7f62f028aafe4a2753e50c61a1ae25816d586f6eb080d6ff20be0f7d27f8b5b384ad473625042e76b2e708cf0407e52d8a6fda5c9f1ffc0caf40a4636a3c

    • SSDEEP

      6144:eEjIabdDyAnk2S5dE1hQqX9lecEEMH9O1BNI:eAIabd7nkc1h9X9Mo7I

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks