Overview

overview

10

Static

static

IMG_212022...11.exe

windows7_x64

10

IMG_212022...11.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG_212022100120011.iso

  • Size

    130KB

  • Sample

    220122-jmjh6aacgl

  • MD5

    faf1041f0493d771cbf14d5b31f8f2a1

  • SHA1

    6a21be7f6188e1d7300e8ca0b860bdc2cd5d8c23

  • SHA256

    799763440e6afd098c97b79ac8e9e947bc49b69b311e98ceee8b9153ce9397e6

  • SHA512

    114937d6456d3a872344a5c7f06afc049b0b5066677912f7cdadec8ef049980197c06ac93c46ca88fdd783be2674d02d7c12ae1eeab2d2ec51cf35850f20aba0

Score
10/10
asyncratpersistencerat

Malware Config

Targets

    • Target

      IMG_212022100120011.exe

    • Size

      69KB

    • MD5

      cecfdefc8f201d03066386a9a6b011f0

    • SHA1

      fd451496139859f387cfef71404d50d042297ca0

    • SHA256

      5b476b935cae4bf02299f7dee135b0bb091fd7716b2973d7172e04f4f2985d72

    • SHA512

      aed76f8f33573fc1b62fd9e194e797fbccb7209e526ef6dc980882c6b889db6b6742e88d8fad0e0e29bc4620b7ae857be02cab380439cb231748c1fbc3d2fd8b

    Score
    10/10
    asyncratpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks