General
- Target: Hidden Malware Builder V5.0.rar
- Size: 5.4MB
- Sample: 230313-x4dacsbg36
- MD5: 4adccdbb8cd95b2ee8da5c91d109286b
- SHA1: eb1c18b78a7fe31a112bd39bc970d1a7f4c1e12c
- SHA256: c818d064222c52c7d72aa37bb30c1b8cf98920ff42fc8eb2d41e049410f937f9
- SHA512: 7950a015df057c20759450fac795406d4387e39653af8f9a9dc220933cb5a2a16599e7db14738b8908cae7f876c6c240003c5f36b454dafca0e0b0786eafac8c
- SSDEEP: 98304:0BtDfH+L8UYu+C1iV/u/zX4ZVKiIEwoIaUcenym+F0nFjgUedZLIdDnnnVzF2Q6l:es8bulwVmUDpIboIjn918UksdLn9FWX1
Behavioral task
- Task: behavioral1
- Sample: Hidden Malware Builder V5.0/H-Malware Builder V5.exe
- Resource: win7-20230220-en
Malware Config
Extracted: asyncrat | 3LOSH RAT
AsyncMutex_7SI8OkPnk
- delay: 3
- install: true
- install_file: ContainerRuntime.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/Kb8rTgY7
Targets
- Target: Hidden Malware Builder V5.0/H-Malware Builder V5.exe
- Size: 3.6MB
- MD5: 57376dc58b364f2282afbbddcb8dd192
- SHA1: e028e7293e55ea12dad74b7d42c687a9f450afeb
- SHA256: 76ec12ac2cbab7a0bea9b656afbc469c53a6948a18c783a5d99a92263274ff70
- SHA512: ca06edcfff15a2b45a2c8d5bf5b76d38ff727e5cea34783c2ec4c1988f6b0c7dd492d9bbb6a5f1cf15fdd9120c72a66c1b34b8b6a3efba8066aec4f7a45a39c0
- SSDEEP: 49152:bhRhbyC5mXd6cy0uc4SgcsEEcv02+sazXIOUDa+mC5R6QsKsi3tX/aguTvCBCuir:pTXVhc50vsqALt50QsK5uyi4/g
- Async RAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger