Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40aeaa4aa2612caa8b0447eeb59980599e172cf9bf122f14b23235f8b27a59ce

  • Size

    6KB

  • Sample

    230101-hzzkgaee4t

  • MD5

    73accc164cc2f2c2c6da99a79fe259e4

  • SHA1

    b2762324f45f67d11dce99814eb864267d1255e5

  • SHA256

    40aeaa4aa2612caa8b0447eeb59980599e172cf9bf122f14b23235f8b27a59ce

  • SHA512

    057f2b402bd7cd779ba0a98e8b587464203f384b1d52d14cee41358f86dd0a821629646f54f0dd86ca2844fab1b2d6d14b945ae7550e337c724f485fc11f1898

  • SSDEEP

    96:w79UZCFprxds+th4avk+IuAY2ssvk+IabCEBv8d3oj4rl:W9UoFpVds+77vkRYqvk0bC+8dr

Score
10/10
asyncratwindowsdefendersmarttscreenpersistencerat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

WindowsDefenderSmarttScreen

C2

217.64.31.3:9742

Mutex

WindowsDefenderSmarttScreen

Attributes
  • delay

    1

  • install

    false

  • install_file

    WindowsDefenderSmarttScreen.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      40aeaa4aa2612caa8b0447eeb59980599e172cf9bf122f14b23235f8b27a59ce

    • Size

      6KB

    • MD5

      73accc164cc2f2c2c6da99a79fe259e4

    • SHA1

      b2762324f45f67d11dce99814eb864267d1255e5

    • SHA256

      40aeaa4aa2612caa8b0447eeb59980599e172cf9bf122f14b23235f8b27a59ce

    • SHA512

      057f2b402bd7cd779ba0a98e8b587464203f384b1d52d14cee41358f86dd0a821629646f54f0dd86ca2844fab1b2d6d14b945ae7550e337c724f485fc11f1898

    • SSDEEP

      96:w79UZCFprxds+th4avk+IuAY2ssvk+IabCEBv8d3oj4rl:W9UoFpVds+77vkRYqvk0bC+8dr

    Score
    10/10
    asyncratwindowsdefendersmarttscreenpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks