General

  • Target

    payment_advice.exe

  • Size

    378KB

  • Sample

    220114-vtqftshffm

  • MD5

    8c111a2fb2509662db26b214b72e4e36

  • SHA1

    1706e12b96c88c74b1551184770221ae90eded88

  • SHA256

    18dee23d492e67fd0644205091068422a7322f94f9028a4a85a87505e6003cb8

  • SHA512

    75f03d45240f22e92f3a6d0133de64ccb7e4d59d0b4eafbc8b44f668e7f3d98580cd486c36aaa110d7ee67b9aa3373b597e427c2c86a54b659e1ad880bc9cb87

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

185.222.57.80:6275

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    20

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain
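Two of the extracted values matter most to a responder: the hard-coded C2 (pastebin_config is null, so the endpoint is static rather than fetched at run time) and the mutex, whose value here is the stock one shipped in the AsyncRAT source, so a prefix match on the AsyncMutex_ naming scheme catches rebuilt samples as well as this one. Note also that delay is 20, i.e. the client sleeps roughly 20 seconds before its first connection, which a short sandbox run can miss. The following Python is an added example, not part of this report or of the AsyncRAT project: it turns the config values shown above into host and network checks and a Suricata rule, and runs them over constructed sample telemetry (the event dicts, mutex list, function names and SID are all assumptions made for the demo).

```python
import re
from dataclasses import dataclass

# Values as extracted on this page for the AsyncRAT 0.5.7B sample. Everything
# else in this block (function names, sample events, SID) is illustrative.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "c2": ["185.222.57.80:6275"],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "install": False,
    "install_folder": "%AppData%",
    "delay": 20,
    "pastebin_config": None,
}

# AsyncRAT builds name their mutex "AsyncMutex_" plus an alphanumeric tail;
# matching the prefix also catches samples whose operator changed the default.
MUTEX_RE = re.compile(r"^AsyncMutex_[A-Za-z0-9]+$")


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


def c2_endpoints(cfg):
    """Parse the 'ip:port' strings of an extracted config into Endpoint objects."""
    out = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        out.append(Endpoint(host, int(port)))
    return out


def match_network(events, cfg):
    """Return the events whose destination is one of the config's C2 endpoints.

    events: dicts with 'dst_ip' and 'dst_port' keys, e.g. parsed Sysmon
    Event ID 3 (NetworkConnect) records. Port is compared too, so other
    traffic to the same host (e.g. 443) is not flagged by this rule.
    """
    wanted = set(c2_endpoints(cfg))
    return [e for e in events
            if Endpoint(e["dst_ip"], int(e["dst_port"])) in wanted]


def match_mutex(names, cfg):
    """Classify observed mutex names: 'exact' for the config value,
    'prefix' for any other name following the AsyncRAT scheme."""
    hits = []
    for n in names:
        if n == cfg["mutex"]:
            hits.append((n, "exact"))
        elif MUTEX_RE.match(n):
            hits.append((n, "prefix"))
    return hits


def suricata_rule(cfg, sid):
    """Emit a Suricata rule for the first hard-coded C2 endpoint."""
    ep = c2_endpoints(cfg)[0]
    return (f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
            f'(msg:"{cfg["family"].upper()} {cfg["version"]} C2 from extracted config"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


# Constructed sample telemetry for the demo (not taken from the report).
SAMPLE_NET_EVENTS = [
    {"image": r"C:\Users\x\Downloads\payment_advice.exe",
     "dst_ip": "185.222.57.80", "dst_port": 6275},
    {"image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "13.107.4.50", "dst_port": 443},
    {"image": r"C:\Users\x\Downloads\payment_advice.exe",
     "dst_ip": "185.222.57.80", "dst_port": 443},
]
SAMPLE_MUTEXES = [
    "Global\\BITS_Mutex",
    "AsyncMutex_6SI8OkPnk",      # the value from this config
    "AsyncMutex_Qz9xTr1b",       # constructed: a rebuilt sample's mutex
    "Local\\ZonesCounterMutex",
]

if __name__ == "__main__":
    for e in match_network(SAMPLE_NET_EVENTS, CONFIG):
        print("C2 contact:", e["image"], "->", e["dst_ip"], e["dst_port"])
    for name, kind in match_mutex(SAMPLE_MUTEXES, CONFIG):
        print("mutex hit:", name, kind)
    print(suricata_rule(CONFIG, 1000001))
```

Because install is false, the sample is not expected to copy itself into %AppData%, so a file-based persistence check for that folder would come back empty for this build; the network and mutex indicators are the ones to act on.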

Targets

    • Target

      payment_advice.exe

    • Size

      378KB

    • MD5

      8c111a2fb2509662db26b214b72e4e36

    • SHA1

      1706e12b96c88c74b1551184770221ae90eded88

    • SHA256

      18dee23d492e67fd0644205091068422a7322f94f9028a4a85a87505e6003cb8

    • SHA512

      75f03d45240f22e92f3a6d0133de64ccb7e4d59d0b4eafbc8b44f668e7f3d98580cd486c36aaa110d7ee67b9aa3373b597e427c2c86a54b659e1ad880bc9cb87

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry: T1012 (1)

  • System Information Discovery: T1082 (1)

Tasks