Overview

overview

10

Static

static

IMG-1112001.exe

windows7-x64

1

IMG-1112001.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8222186189.zip

  • Size

    5KB

  • Sample

    221014-ra484adfbr

  • MD5

    df980b16fe141b7a36570c8e9300ca9b

  • SHA1

    33c2ad5a9a1818c96dc9f9df1d8f20f6fea54b71

  • SHA256

    f5657c1965c9a4981ea06525b393b2a975d09aad8549a6a1dfcc674410526684

  • SHA512

    b5410328f519dd58415a6d454069dba7791b946de70a33016b015197d326f20c3f8861bc78918aee1de92271dd19c25307fca91be9d8897337e9da1385f0bdce

  • SSDEEP

    96:VXj5l9hCOK625kxc+Snmzal3B1ZNjLtRanguhl33Ah4ic6mk1HRYvWkTt3WLS+U/:VX9ThCO91cfnZ3jLtRanHHAhek1HqvWA

Score
10/10
asyncratpersistencerat

Malware Config

Targets

    • Target

      IMG-1112001.exe

    • Size

      17KB

    • MD5

      09a3e7bf8b28a94b0073e2c8e941eddf

    • SHA1

      9b1ab482b209445290c712f84c11234792c673d2

    • SHA256

      f5a1223e98d7bfd9dbe38c505e50368944ad48917ca61e30abe084a0803c34cc

    • SHA512

      16446fa18f2ad04ba2510f26a55063290264304a1259b48894e1c155fa38cb532a1602f25839c604a09bffcfe6093caa1cb3aaa4572c6eae26bb56b59fa580eb

    • SSDEEP

      192:7FwfHFLuygm27WJHzHiYumXtlbEWmhWI:KfHMygz7WVcWmhW

    Score
    10/10
    asyncratpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks