General

  • Target

    _228763212121325555554637548503 [MConverter.eu].iso

  • Size

    1.5MB

  • Sample

    221206-2vkqasbh52

  • MD5

    47a98d5dc2c54aac240e902184b0c525

  • SHA1

    e0cd3c1344b3261b2cc1b2051fc7a60f7514efde

  • SHA256

    54c98af50b3f94bf726ed3d263c3e27bfcb2e227a36afcf5afa907a110af0954

  • SHA512

    32b015256ce2432751ad07e839cebf4cce0a0c8a8add64953df1a8905c339b5c229c1cc3c8a82bccebfca6132b43ef4f446589fc7458de8959502bb7e2258d1d

  • SSDEEP

    384:dzOzOzOzOz+zOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpt:

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    http://incuber.es/music/rose.png

Extracted

  • Family

    asyncrat

  • Version

    | Edit 3LOSH RAT

  • Botnet

    Default

  • C2

    smartvodafone.duckdns.org:5000
    smartvodafone.duckdns.org:5001
    smartvodafone.duckdns.org:5002

  • Mutex

    AsyncMutex_6SI8OkPnk

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      _228763212121325555554637548503 [MConverter.eu].iso

    • Size

      1.5MB

    • MD5

      47a98d5dc2c54aac240e902184b0c525

    • SHA1

      e0cd3c1344b3261b2cc1b2051fc7a60f7514efde

    • SHA256

      54c98af50b3f94bf726ed3d263c3e27bfcb2e227a36afcf5afa907a110af0954

    • SHA512

      32b015256ce2432751ad07e839cebf4cce0a0c8a8add64953df1a8905c339b5c229c1cc3c8a82bccebfca6132b43ef4f446589fc7458de8959502bb7e2258d1d

    • SSDEEP

      384:dzOzOzOzOz+zOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpt:

    Score
    10/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      _2287632.VBS

    • Size

      1.1MB

    • MD5

      4c58dc9a8dc5798f57bb0b167780b871

    • SHA1

      214b13de422b2a62c6afaeb2dcb86a4256ed32a3

    • SHA256

      4268d4ba4527eae819b1e623c75cc86d7692ae62b934383d5b54d2fea5bd765f

    • SHA512

      4395afd47b109e7d521165f3ca765a0aee6fbdff6a5d1eecd299291455bc6c3999f1d62ceb1d9dfbe14849df8156d902dd954d85a5be32567bc392b36cd56a38

    • SSDEEP

      384:HzOzOzOzOz+zOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpzOzpz:/

    Score
    10/10

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Async RAT payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 2
    System Information Discovery (T1082): 4

Tasks