General

  • Target: b2ced5a1e231d5578384832a809fd4e3b5dcbb05cc70cdec1f6bfa364f9868d8
  • Size: 142KB
  • Sample: 220521-bp17zsccb5
  • MD5: de1930233903a999027ef95a869b0f63
  • SHA1: 5a206f64e8570b32e51e6dfe1def839d77b8a7d8
  • SHA256: b2ced5a1e231d5578384832a809fd4e3b5dcbb05cc70cdec1f6bfa364f9868d8
  • SHA512: 18368fe64b6324af1364b30e8caa41bca0c4d69d2fea13e562fb762e315893239dc6ed4bf5d3e211762caceb89a3dbc21a51ddd10e4b81da8e9039c1b12e6b37

Malware Config

Extracted

  • Family: asyncrat
  • Version: 0.5.6D
  • Botnet: MIKEMIKE
  • C2: 185.165.153.215:6606
  • Mutex: uqeolevmck
  • Attributes
      • delay: 1
      • install: false
      • install_folder: %AppData%
  • aes.plain

Targets

    • Target: Disposable protective clothings PCKIN #6176.exe
    • Size: 316KB
    • MD5: 467a66feca37c23d56c08770cbfc5703
    • SHA1: b8850adf52c37f40bd0b58f6e959c987adac2794
    • SHA256: e2441bea072dce22af4853106891cb87d314461749fde2b31a0f6b3521e5daa3
    • SHA512: 2b893ee0d270c4aa9b181c305aec9423af27dbbbcfbe0cb38b6c0b8ac6a5c486e7795d77146000a20776b4fdd68118245e267f3bfc58e73218248cf56ae74cf1

    • AsyncRat
      AsyncRAT is designed to remotely monitor and control other computers.

    • CoreEntity .NET Packer
      A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.

    • Async RAT payload

    • ReZer0 packer
      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                  Technique                        Count  ID
  Execution               Scheduled Task                   1      T1053
  Persistence             Scheduled Task                   1      T1053
  Privilege Escalation    Scheduled Task                   1      T1053
  Discovery               Query Registry                   1      T1012
  Discovery               System Information Discovery     2      T1082

Tasks