General

  • Target

    PO Tlc 80998767768989757895757899.exe

  • Size

    575KB

  • Sample

    200630-y32l4d8pss

  • MD5

    7c904990e9592b2b8c460ea929a39b69

  • SHA1

    2954262f91a7c6949e5126ac0c254ca0e19fef68

  • SHA256

    5e21f7f70d7f4328f3d27e4b040ead9ffa6bab8f91dbb1fb9cb211058a4ea961

  • SHA512

    a994a6d4c707cddbebb75762a9d9170bbad4f92d806f594e3abec00f6662d70606e98501912f3090ff932309297250925f484cd68594f07f2b339d00089dceb4

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.6A

  • C2

    79.134.225.125:1515

    olodofries888.ddns.net:1515

  • Mutex

    hviivkxwezcvf

Attributes
  • aes_key

    AgM7u51bkhal8AxhptfWLKgDRDdyn6AY

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

  • host

    79.134.225.125,olodofries888.ddns.net

  • hwid

    5

  • install_file

  • install_folder

    %AppData%

  • mutex

    hviivkxwezcvf

  • pastebin_config

    null

  • port

    1515

  • version

    0.5.6A

aes.plain

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks