Overview

overview

10

Static

static

ISO/Binnot.bat

windows10_x64

1

ISO/Binnot.ps1

windows10_x64

1

ISO/Binnot.vbs

windows10_x64

3

ISO/Unlimited.bat

windows10_x64

1

ISO/Unlimited.ps1

windows10_x64

10

ISO/Unlimited.vbs

windows10_x64

3

Unlimited/...ot.ps1

windows10_x64

1

Unlimited/...ot.vbs

windows10_x64

3

Unlimited/...ed.bat

windows10_x64

1

Unlimited/...ed.ps1

windows10_x64

10

Unlimited/...ed.vbs

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Unlimited.7z

  • Size

    157KB

  • Sample

    220531-3jz7aaddd4

  • MD5

    89977aada65459ed24de995af822b2e7

  • SHA1

    29d9396b4dfcec849e65d75b88369c8d757777fc

  • SHA256

    6ce7ce1af52e51f8b00c5909ecf7d3bab9d43a7502bde1445614d0b34b8baab4

  • SHA512

    04fcff8e923bfedaed7351480b9167b97e8830d349666098c65f7dcff0d86ed8b7f8451dc813b1857116ee504d96d84e091474ec2f6424951450d664b442fa4f

Score
10/10
asyncratrandomratsuricata

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Random

C2

mekhocairos.linkpc.net:6666

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      ISO/Binnot.bat

    • Size

      96B

    • MD5

      f1d747a7825a5db756d428a5254d244e

    • SHA1

      7db56fe57492bd856c787cd2a836eff4f2ce5e01

    • SHA256

      5863b76caee43b2f1efdd2322f2e5731b1537d1deeb35e860cd75a8304fe4ddf

    • SHA512

      4b1f63df96b8f9e2a381855974b2efab5bd48ae342b1e29a51661d0514ba6f8e62d23e3e58a9a9f978d39880ab03a9b9bf72ab52a546a965da20daa18c4d246d

    Score
    1/10
    behavioral1

    • Target

      ISO/Binnot.ps1

    • Size

      781B

    • MD5

      58ef18971b1520648e0c6d67036251ff

    • SHA1

      68bd1ee657ff233f6a1ee453914aaecdeb845284

    • SHA256

      226b14799e579e28954937fa3ffdb7d0e5dcd10360b35c329a7246a23be4b4b3

    • SHA512

      9b7f04aca4b3e2af5aafdc9ea30c1722722d668078bea8b0aaa2394d0cb50ac75716fb9173d4084bd5a9cfaa279bd94404b64c140532daa5b3bdd66842f332d2

    Score
    1/10
    behavioral2

    • Target

      ISO/Binnot.vbs

    • Size

      161B

    • MD5

      7b0e58ca3cd90265cfad552b57b52726

    • SHA1

      732d67419df7ae6ab6512e697f7cdfd72aad4f15

    • SHA256

      f6f353790e3f1f92ac7be5bc0f03a334e199cbbd53392e9eb8079f9b8495cc6f

    • SHA512

      9f4853237c88f2045bdacc616360f67abadfec21547a3413f0e72491e0c9d896030a3091e3bf5453f0b787c6dfcaea51c4eaa3e15a1ab982b7e3d5159172c0ba

    Score
    3/10
    behavioral3

    • Target

      ISO/Unlimited.bat

    • Size

      99B

    • MD5

      eff64d56c40c54a1f9891d7a6ad54899

    • SHA1

      dbaf9a4aeb8484690d6118155d59158598f0799a

    • SHA256

      c846b192c5dc974c6d63024a06d4c31b2f7c8baa61af133e5b00009b68df86e2

    • SHA512

      c89f82c7807b947e10f82740c01d5cb996e95c4a6e79375eee6b981d0ed911d31537e964d0cefef874c7e12f9f4baf237f0f9ed44de866abd3c8030a25b7cc83

    Score
    1/10
    behavioral4

    • Target

      ISO/Unlimited.ps1

    • Size

      251KB

    • MD5

      6657fc9e8926638f42aae4b566b50bbe

    • SHA1

      d0d24bf6e78abcff97a912edf8c9412d722901dd

    • SHA256

      b55341d158e0c269cc666df13a45174044159d5582d299c93c3e642fdeae32bf

    • SHA512

      cb337bc9d3334b97866e1e94d1de846007ff1a80b4ebe4ea3794449b663515794a7243e16355e85cd6c59e7da13d70fe60b82bfe33db443980b8840c335c5f77

    Score
    10/10
    asyncratrandomratsuricata

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral5

    • Target

      ISO/Unlimited.vbs

    • Size

      165B

    • MD5

      b1b2e3fb678ad030e95ff623fe80d979

    • SHA1

      cf00dc8fb35e255fee951b6baf08fd44e1e5b5fc

    • SHA256

      19a88a8c19ad3f6dde00c79954d9822f1197bb0c73a4c166470fd44de4c89f33

    • SHA512

      15d4670d547cf6556198fffd4c2ce7a614c948d7aa1361ad80187fe5abf163c9ef61e0c5693d145dce3194bbfae5f0734b3827feee7c0418c19e88f2d87aae62

    Score
    3/10
    behavioral6

    • Target

      Unlimited/ISO/Binnot.ps1

    • Size

      781B

    • MD5

      58ef18971b1520648e0c6d67036251ff

    • SHA1

      68bd1ee657ff233f6a1ee453914aaecdeb845284

    • SHA256

      226b14799e579e28954937fa3ffdb7d0e5dcd10360b35c329a7246a23be4b4b3

    • SHA512

      9b7f04aca4b3e2af5aafdc9ea30c1722722d668078bea8b0aaa2394d0cb50ac75716fb9173d4084bd5a9cfaa279bd94404b64c140532daa5b3bdd66842f332d2

    Score
    1/10
    behavioral7

    • Target

      Unlimited/ISO/Binnot.vbs

    • Size

      161B

    • MD5

      7b0e58ca3cd90265cfad552b57b52726

    • SHA1

      732d67419df7ae6ab6512e697f7cdfd72aad4f15

    • SHA256

      f6f353790e3f1f92ac7be5bc0f03a334e199cbbd53392e9eb8079f9b8495cc6f

    • SHA512

      9f4853237c88f2045bdacc616360f67abadfec21547a3413f0e72491e0c9d896030a3091e3bf5453f0b787c6dfcaea51c4eaa3e15a1ab982b7e3d5159172c0ba

    Score
    3/10
    behavioral8

    • Target

      Unlimited/ISO/Unlimited.bat

    • Size

      99B

    • MD5

      eff64d56c40c54a1f9891d7a6ad54899

    • SHA1

      dbaf9a4aeb8484690d6118155d59158598f0799a

    • SHA256

      c846b192c5dc974c6d63024a06d4c31b2f7c8baa61af133e5b00009b68df86e2

    • SHA512

      c89f82c7807b947e10f82740c01d5cb996e95c4a6e79375eee6b981d0ed911d31537e964d0cefef874c7e12f9f4baf237f0f9ed44de866abd3c8030a25b7cc83

    Score
    1/10
    behavioral9

    • Target

      Unlimited/ISO/Unlimited.ps1

    • Size

      251KB

    • MD5

      6657fc9e8926638f42aae4b566b50bbe

    • SHA1

      d0d24bf6e78abcff97a912edf8c9412d722901dd

    • SHA256

      b55341d158e0c269cc666df13a45174044159d5582d299c93c3e642fdeae32bf

    • SHA512

      cb337bc9d3334b97866e1e94d1de846007ff1a80b4ebe4ea3794449b663515794a7243e16355e85cd6c59e7da13d70fe60b82bfe33db443980b8840c335c5f77

    Score
    10/10
    asyncratrandomratsuricata

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata: ET MALWARE Generic AsyncRAT Style SSL Cert

      suricata

    • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

      suricata

    • Async RAT payload

      rat

    • Suspicious use of SetThreadContext

    behavioral10

    • Target

      Unlimited/ISO/Unlimited.vbs

    • Size

      165B

    • MD5

      b1b2e3fb678ad030e95ff623fe80d979

    • SHA1

      cf00dc8fb35e255fee951b6baf08fd44e1e5b5fc

    • SHA256

      19a88a8c19ad3f6dde00c79954d9822f1197bb0c73a4c166470fd44de4c89f33

    • SHA512

      15d4670d547cf6556198fffd4c2ce7a614c948d7aa1361ad80187fe5abf163c9ef61e0c5693d145dce3194bbfae5f0734b3827feee7c0418c19e88f2d87aae62

    Score
    3/10
    behavioral11

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks