General

  • Target

    lol.chm

  • Size

    234KB

  • Sample

    221009-yshalshfd6

  • MD5

    29984ec9b0bef9d92e9a2fec99e9b7d0

  • SHA1

    701cdf5b2419f4da8247e6af9eaa376cdf6e2dc4

  • SHA256

    9ad14a020dc9a937bbe2c2dcd63991e424fe174b96f0131962e24bdd9f823fa3

  • SHA512

    be7703f487bccba2e473411288d1a2919358c49d18355f48aa5d73adb652550c33eeb9ca87dd786dbd46748c64c1af11e40ae6e342ef1b38dbe5fecdb667fe08

  • SSDEEP

    6144:KveS9vg8qKoqjkqNdoYzgOS9vg8qKoqjkqDyoaF73:VSBg8iqjkCKUgOSBg8iqjkWaFT

Malware Config

Extracted

  • Language

    hta

  • Source

    URLs

  • hta.dropper

    https://skynetx.com.br/tarefa.html

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

AAAAAAAAAAAA+++AAAAAAAAAAAA

C2

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_file

    DesbravadorUpdata.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      lol.chm

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry (2)

    T1130 Install Root Certificate (1)

  • Discovery

    T1012 Query Registry (1)

    T1082 System Information Discovery (2)
