General

  • Target

    Invoice 6238829.bat

  • Size

    410KB

  • Sample

    230519-gm2nmafc96

  • MD5

    6cb6cc9ac94bc7ddffa0c81461a6346c

  • SHA1

    b1507f91011e82b4fa25c879b12325cf51ec362f

  • SHA256

    6bbbaa4861b4826eede41ff0c8244cf407435ab64d463b13c639b03588221b65

  • SHA512

    d5f7921821e0a393783058d9e0b8fac13c7fda92a877553289651d7239a979d572b97f9d0b97318aa6ac07edcf1795b2073278c608f2a792b66df5256d35619a

  • SSDEEP

    12288:WAHTazogPBYqCTI59GSvC/DxzfYJMt3p9Wz:5T0oQBfUI5K/lzfpY

Score
10/10

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
