General

Target: 9546477998.zip
Size: 353KB
Sample: 230313-wbyvxsde3x
MD5: f9347e394a4936069024e5dbd45b23b3
SHA1: 8ec00baa9b23ac9564a5a284d767c8779da26b9f
SHA256: f6c53cbe456928a12e348d7688172f78b01fd75fac6c728bd31a57b7e2d4f6ab
SHA512: 6fa3758eabc7da5dc62366454d95d455037ac06a11404062a1e6cf92b4e5ec2e0cca5e401ebcd8722c6f707a02c89d918a9308a9a03519dc69611c73eda5cbfa
SSDEEP: 6144:GSVvnNZaIj6tbuWKayWJi4wbmDMdwooZnLm3q7eTo7bxOplTA3z16F+i2Vzjz8fD:XVvNZXj65zAWJ+bCMdwHZnq3lTObklTv
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 5379820f930466a3fd452e5161da9da7771db18a2c88050a9f7a908960e1d7c8.exe
Resource: win7-20230220-en
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 185.136.161.11:1337
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
  delay: 3
  install: false
  install_folder: %AppData%

Note that install is false, so the AsyncRAT client's own install routine (copy to install_folder and register persistence) is disabled in this build; the Run key reported under Targets below is therefore most likely written by the loader stage rather than by the RAT itself. The mutex is the well-known AsyncRAT default, so it is a useful host indicator but not specific to this campaign.
Targets

Target: 5379820f930466a3fd452e5161da9da7771db18a2c88050a9f7a908960e1d7c8
Size: 467KB
MD5: de67cd07f4d74cf1b8bbe08fdfd43fac
SHA1: cde4dda4c72d05d7da7c42f71954621bb837f9df
SHA256: 5379820f930466a3fd452e5161da9da7771db18a2c88050a9f7a908960e1d7c8
SHA512: cef188b960035b336651746046440c1abc170564a27cebbfe7765bab72c37497c9567e00369b16179b20c274c444e1540d01241bbebce646e725fd17343eaf3d
SSDEEP: 12288:wpvP3Pkd834QYN+oAgUULI0yoLdwgCOj:wxkW3pYN+o7YdGj
Signatures

- Async RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Sets service image path in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution: vbc.exe (the Visual Basic .NET compiler shipped with the .NET Framework) is a signed Microsoft binary commonly used as a host process for hollowed payloads.
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext: redirecting the thread context of a suspended process is the classic final step of process hollowing, consistent with the vbc.exe launch above.
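The signatures above are each keyed on a small set of registry paths and API calls. The following is an added example, not part of the Triage report or of the sample, showing how those signatures can be expressed as rules, run over a behaviour trace, and rolled up per ATT&CK technique the way the MITRE summary does. Everything in the trace is constructed for the example: the pid|process|operation|target line format, the sample.exe placeholder name, the Run value name and service name, and the registry paths themselves (they are the paths such checks commonly read, not values extracted from this sample).

```python
"""Rule-based matching of sandbox behaviour signatures over a constructed trace."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str       # signature name as it appears in the report
    technique: str  # ATT&CK technique (current naming) the signature maps to
    op: str         # trace operation the rule applies to
    pattern: str    # regex over the operation's target


# Registry paths below are assumptions: the locations these checks commonly
# touch, not values extracted from this sample.
RULES = [
    Rule("Looks for VirtualBox Guest Additions in registry", "Virtualization/Sandbox Evasion",
         "RegQueryValue", r"^HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions"),
    Rule("Looks for VMWare Tools registry key", "Virtualization/Sandbox Evasion",
         "RegOpenKey", r"^HKLM\\SOFTWARE\\VMware, Inc\.\\VMware Tools"),
    Rule("Checks BIOS information in registry", "Virtualization/Sandbox Evasion",
         "RegQueryValue", r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$"),
    Rule("Maps connected drives based on registry", "Virtualization/Sandbox Evasion",
         "RegQueryValue", r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"),
    Rule("Checks computer location settings", "System Location Discovery",
         "RegQueryValue", r"^HKCU\\Control Panel\\International\\Geo\\Nation$"),
    Rule("Adds Run key to start application", "Registry Run Keys / Startup Folder",
         "RegSetValue", r"^HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"),
    Rule("Sets service image path in registry", "Modify Registry",
         "RegSetValue", r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$"),
    Rule("Suspicious use of SetThreadContext", "Process Injection",
         "ApiCall", r"^SetThreadContext\b"),
    Rule("Uses the VBS compiler for execution", "Process Injection",
         "CreateProcess", r"\\vbc\.exe\b"),
]

# Constructed trace, one event per line: pid|process|operation|target.
# "sample.exe" stands in for the analysed executable; value and service
# names are hypothetical. This is an illustrative format, not a Triage log.
TRACE = r"""
1234|sample.exe|RegQueryValue|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions\Version
1234|sample.exe|RegOpenKey|HKLM\SOFTWARE\VMware, Inc.\VMware Tools
1234|sample.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1234|sample.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
1234|sample.exe|RegQueryValue|HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
1234|sample.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
1234|sample.exe|RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
1234|sample.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost
1234|sample.exe|RegSetValue|HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc\ImagePath
1234|sample.exe|CreateProcess|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
1234|sample.exe|ApiCall|SetThreadContext(hThread=0x1c4)
5678|vbc.exe|ApiCall|GetTickCount()
"""


def parse(trace):
    """Split the trace into (pid, process, operation, target) tuples."""
    events = []
    for line in trace.strip().splitlines():
        pid, proc, op, target = line.split("|", 3)
        events.append((int(pid), proc, op, target))
    return events


def scan(trace):
    """Return the signature names hit by the trace, in first-hit order, without duplicates."""
    hits = []
    for _pid, _proc, op, target in parse(trace):
        for rule in RULES:
            if rule.op != op or rule.name in hits:
                continue
            if re.search(rule.pattern, target, re.IGNORECASE):
                hits.append(rule.name)
    return hits


def technique_counts(trace):
    """Aggregate signature hits per ATT&CK technique, like the report's MITRE summary."""
    technique_of = {r.name: r.technique for r in RULES}
    return dict(Counter(technique_of[name] for name in scan(trace)))


if __name__ == "__main__":
    for name in scan(TRACE):
        print("signature:", name)
    for technique, count in technique_counts(TRACE).items():
        print(f"{technique}: {count}")
```

Note that Sysmon does not log registry reads, so the RegQueryValue rules only work over an API trace from a sandbox or an EDR hook; the RegSetValue, CreateProcess and SetThreadContext rules are the ones that translate directly to host telemetry.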
MITRE ATT&CK Enterprise v6

Defense Evasion
- Bypass User Account Control (1)
- Disabling Security Tools (3)
- Modify Registry (6)
- Scripting (1)
- Virtualization/Sandbox Evasion (2)