Overview

overview

10

Static

static

144bc1cda3...in.exe

windows7_x64

10

144bc1cda3...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    144bc1cda39a3937907159a6977ea8128965e91956f6bd81d785bbf0ecd61c4b.bin

  • Size

    4.8MB

  • Sample

    211020-fw2jjsgfa2

  • MD5

    07976cdfa58a6a468bcc4f48f8d31fe9

  • SHA1

    935e598a59c40999d35db0048eb49d704207a512

  • SHA256

    144bc1cda39a3937907159a6977ea8128965e91956f6bd81d785bbf0ecd61c4b

  • SHA512

    286277f7fba78ce00f984ead7f8b40ba50477a6ca8f8b028fff5439efa416ecf200e2ad45b0fda9c15a0f526658e8c3026ecb6128426b7737cf002d9713d6b58

Score
10/10
asyncratmicrosoftphishingrat

Malware Config

Targets

    • Target

      144bc1cda39a3937907159a6977ea8128965e91956f6bd81d785bbf0ecd61c4b.bin

    • Size

      4.8MB

    • MD5

      07976cdfa58a6a468bcc4f48f8d31fe9

    • SHA1

      935e598a59c40999d35db0048eb49d704207a512

    • SHA256

      144bc1cda39a3937907159a6977ea8128965e91956f6bd81d785bbf0ecd61c4b

    • SHA512

      286277f7fba78ce00f984ead7f8b40ba50477a6ca8f8b028fff5439efa416ecf200e2ad45b0fda9c15a0f526658e8c3026ecb6128426b7737cf002d9713d6b58

    Score
    10/10
    asyncratratmicrosoftphishing

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks