Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    45KB

  • Sample

    230211-zsme1ahe4t

  • MD5

    20568d77c88a9b0f9c341f7c78b019d7

  • SHA1

    b96d05322cf712a3c7cb921ff012e880e95917e6

  • SHA256

    40cb5b00771d8e3978a44781777e21d92b7d6923cb33a05dd8628220ca25b9fa

  • SHA512

    6b772cc2fc92f291c5a9b66320c105cc72497586a572df493cc303e6d3e1f2ad095b2ee0d2bdc3264e474d299f0c109d29d3466e0250294f6caacdf67890d824

  • SSDEEP

    768:WTGbOQcKjLZJV3PHsZtWsV+gZSynnn9tqVqBfEDRUT0x9Psn/JB6SWrSvrI/Od0:WibOQP5EZMhAtq6fiGAx9+JoDSE/Od0

Score
10/10
asyncratevasionpersistencerat

Malware Config

Targets

    • Target

      tmp

    • Size

      45KB

    • MD5

      20568d77c88a9b0f9c341f7c78b019d7

    • SHA1

      b96d05322cf712a3c7cb921ff012e880e95917e6

    • SHA256

      40cb5b00771d8e3978a44781777e21d92b7d6923cb33a05dd8628220ca25b9fa

    • SHA512

      6b772cc2fc92f291c5a9b66320c105cc72497586a572df493cc303e6d3e1f2ad095b2ee0d2bdc3264e474d299f0c109d29d3466e0250294f6caacdf67890d824

    • SSDEEP

      768:WTGbOQcKjLZJV3PHsZtWsV+gZSynnn9tqVqBfEDRUT0x9Psn/JB6SWrSvrI/Od0:WibOQP5EZMhAtq6fiGAx9+JoDSE/Od0

    Score
    10/10
    asyncratevasionpersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Modifies Installed Components in the registry

      persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks