Resubmissions

  • 15-04-2021 19:10  210415-w74xxxq3ts  10

  • 15-04-2021 19:06  210415-7qwvfw5l22  10

General

  • Target: sample1234.zip

  • Size: 635KB

  • Sample: 210415-w74xxxq3ts

  • MD5: 29ae2619c95a76a2fd25721a86aa59ab

  • SHA1: 13c765eb00d01369617e79efab3c2e21ac5e8c50

  • SHA256: 2edd49d375ebc4673d759b8a135bced75c0ffb3c2e5b2e924ee2a6ed521d575a

  • SHA512: 2ca34f9d3cf713f9161b99c7d83455f4a8072abe3c6ae566e06c8c177ccffce0bae4e5cbb8ce046683f2ca9423f3ff926115fc66b18d134fba27a0b091809af6

Score: 10/10

Malware Config

Extracted

  • Family: asyncrat

  • C2:

  • Mutex:

  • Attributes:
    • aes_key
    • anti_detection
    • autorun
    • bdos
    • delay
    • host
    • hwid: {11111-22222-40001-00002}
    • install_file
    • install_folder: {11111-22222-50001-00000}
    • mutex
    • pastebin_config
    • port
    • version

  • aes.plain

Targets

    • Target: 1234.exe

    • Size: 1.2MB

    • MD5: 45de46aae024150078e249dec173a337

    • SHA1: bd1f8891836765f1c58777806cb82657b8c3bd7e

    • SHA256: 554ac14fb25de9add3d66f0877a7da079bf6818a4957a21b2a618c6aac22b6c4

    • SHA512: 2bb1d4d1908cc2534677f32861dd0185c2907508112d05434d731088a62f9f28071e8652111c2745dad28d4334c696471dc358ca9537b08e390157d5502def24

    Score: 10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053

  • Persistence: Scheduled Task (1) T1053

  • Privilege Escalation: Scheduled Task (1) T1053

  • Defense Evasion: Install Root Certificate (1) T1130; Modify Registry (1) T1112

  • Discovery: System Information Discovery (2) T1082; Query Registry (1) T1012; Peripheral Device Discovery (1) T1120

Tasks