Overview

overview

10

Static

static

1

Salad-1.1.0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Salad-1.1.0.exe

  • Size

    1237.1MB

  • Sample

    230401-b9qa8age4x

  • MD5

    38ec0f0262291407df2c9e84d0f12a89

  • SHA1

    7970e5e1fe403bb6502899d52984fe48c348204c

  • SHA256

    91f6a5d5bc61691cdcecfd8b57f079f2168c8700724ddc0e4582ccbdcd3ca987

  • SHA512

    fb7754650372effbfe910c7d669e32043b0caf6d4253bdb29e1b5c9058319759da916bb7fefd22625a2d1cb8767b220cee764c91962581a75437c091aad68ed9

  • SSDEEP

    25165824:l5jOBdFhrm0sBFrzn5ka1cqgw7raFWhtZJULNDF5eJP1:3j1T1nGa7raFqtZJEBer

Score
10/10
asyncratxwormdiscoveryminerrattrojan

Malware Config

Targets

    • Target

      Salad-1.1.0.exe

    • Size

      1237.1MB

    • MD5

      38ec0f0262291407df2c9e84d0f12a89

    • SHA1

      7970e5e1fe403bb6502899d52984fe48c348204c

    • SHA256

      91f6a5d5bc61691cdcecfd8b57f079f2168c8700724ddc0e4582ccbdcd3ca987

    • SHA512

      fb7754650372effbfe910c7d669e32043b0caf6d4253bdb29e1b5c9058319759da916bb7fefd22625a2d1cb8767b220cee764c91962581a75437c091aad68ed9

    • SSDEEP

      25165824:l5jOBdFhrm0sBFrzn5ka1cqgw7raFWhtZJULNDF5eJP1:3j1T1nGa7raFqtZJEBer

    Score
    10/10
    asyncratxwormdiscoveryminerrattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Async RAT payload

      rat

    • Detectes Phoenix Miner Payload

      miner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

5
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks