Overview

overview

10

Static

static

Attachments.exe

windows7_x64

10

Attachments.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Attachments.exe

  • Size

    18KB

  • Sample

    220126-zvgmjaadbp

  • MD5

    634a457966e4aebe14c44c204a4fed86

  • SHA1

    f62dfe7c3a0db8ab50d4c858020a57503b479944

  • SHA256

    39f7b43c182fb69287831fd54fc6cc7733a22430f876416cb3a5a60c1da1faa1

  • SHA512

    c0da6e668e74877aab80e6acda09b683aed9145303aa6191cf52589de16d4961f9016f79acd39f932e60e06c700bbb9d5b3943f223c8316eb1a98cb6a4853ecb

Score
10/10
asyncratpersistencerat

Malware Config

Targets

    • Target

      Attachments.exe

    • Size

      18KB

    • MD5

      634a457966e4aebe14c44c204a4fed86

    • SHA1

      f62dfe7c3a0db8ab50d4c858020a57503b479944

    • SHA256

      39f7b43c182fb69287831fd54fc6cc7733a22430f876416cb3a5a60c1da1faa1

    • SHA512

      c0da6e668e74877aab80e6acda09b683aed9145303aa6191cf52589de16d4961f9016f79acd39f932e60e06c700bbb9d5b3943f223c8316eb1a98cb6a4853ecb

    Score
    10/10
    asyncratpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks