General

  • Target

    PowerBI tips Business Ops Setup 3.0.4.zip

  • Size

    525.8MB

  • Sample

    230221-qt79esgg7z

  • MD5

    ecdf88d36332458a0464fe6ca1848f46

  • SHA1

    8c42051fb5fa518b376cfae9adab0e67518c5077

  • SHA256

    058d30b271cc0bd169d08954f17e3977861dbe95fea8b7a550b48d8c914e8567

  • SHA512

    6088cfecbbf7db49d3ee38fbf1e421c725212099076fe50a63422813285035944fbb507c08a8987aa65c4887a4681f76f876f053aba272e4823b4a3a975617cd

  • SSDEEP

    12582912:CG3tfXf7iC3vlXc/si1hM7u8sYGrIetOac4/W1vFdKbo1/yFbF03H9QoOhbkTmpF:P3Z2Ctzi1K7u8sS4OacqsyEyF8tOhPN7

Malware Config

Targets

    • Target

      PowerBI tips Business Ops Setup 3.0.4.exe

    • Size

      525.8MB

    • MD5

      ceabe8661ec16fa125098bfd4cea1b23

    • SHA1

      295b1b946bddf5366c7a1c886a5738b8fbfa8813

    • SHA256

      2b3fa61129683f095d1e148a02d8783489e11553e4fb710a70e5b7f763917522

    • SHA512

      a9d70b6c40122083dc993f70f7fdf8560f1a3cd3522aaed7dca19243e3da16b93b72fbba290c8a24cc909a0f25204a0796e0d6338e12e253857c84b3a08110f6

    • SSDEEP

      12582912:Dgn00M6JgmlXDzVmljR3MN+ceOgBCOZKCVVE/+YxqummrFY5qgaqUAQ2BzpAPhEf:8n7+m9GjR8N+ce2mKCVC/nmd5qpYzVf

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Command and Control

  • Web Service (T1102): 1

Tasks