General

  • Target

    PMOy4QqKcUIGUDxCYjsPUMTPF.bin

  • Size

    352KB

  • Sample

    230704-qjg99aeh91

  • MD5

    c997d379270043e96936f4e6419782d4

  • SHA1

    3c84523a533cac878b411f9c402d0c8ca0a57d24

  • SHA256

    3cc3b2e10a8a714206503c42623b0f50c4cf15a7c1fa4147ede6be98fddfb156

  • SHA512

    b146c44d2d3c2b61bec6c4e76647fcd48fede68eeb97b64a0572c3ce6eb45aed690441618565ab28892a3bd595f84207363901deadb945c0996e84d830acf2ec

  • SSDEEP

    3072:OZpNVyYnJt0WOUkX6U1O315T3Apmf+QIQQ43ZneKnETA3UUxAV:upmYnz03Uk2315T3Apmf+QI5V

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Default

C2

hognyusket.com:6606

hognyusket.com:7707

hognyusket.com:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      PMOy4QqKcUIGUDxCYjsPUMTPF.bin

    • Size

      352KB

    • MD5

      c997d379270043e96936f4e6419782d4

    • SHA1

      3c84523a533cac878b411f9c402d0c8ca0a57d24

    • SHA256

      3cc3b2e10a8a714206503c42623b0f50c4cf15a7c1fa4147ede6be98fddfb156

    • SHA512

      b146c44d2d3c2b61bec6c4e76647fcd48fede68eeb97b64a0572c3ce6eb45aed690441618565ab28892a3bd595f84207363901deadb945c0996e84d830acf2ec

    • SSDEEP

      3072:OZpNVyYnJt0WOUkX6U1O315T3Apmf+QIQQ43ZneKnETA3UUxAV:upmYnz03Uk2315T3Apmf+QI5V

    Score
    1/10

    • Target

      1.bat

    • Size

      87B

    • MD5

      cdc83500ec30d3d435f4a5fca2fb9c99

    • SHA1

      418f2d8fe427cc1bcfffd66689325300737f7d07

    • SHA256

      12a6ad12fa23cc100d4a982746c5520f4de1cd7638de579e2040daf2ec2a2e2e

    • SHA512

      96b5560bbbfa9055f4e1208b46ee6b0c7486d6ecb4f311dd4724ed3b09c862002e10fc1dd6b892b4bfe47798713f055f053fed16bc45f834f94140550c3eb732

    Score
    1/10

    • Target

      detonator.cmd

    • Size

      1KB

    • MD5

      507e4c2852dd71317e33790246598bad

    • SHA1

      a662044b8240c0fb7adeb845e809417ff9ad1427

    • SHA256

      a1508608b0d0990674139d4f6923d6de59838257ec0832221bb7905eb5936a7e

    • SHA512

      690562314ac5a610f9df35045d214a9c65bf416b9943385f6e997022cae3b6c44a30c6d44c0cdbcb16fd4c50d676303c2c70dc4b41e0b980635a2e909c9739ff

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      dqjg.ps1

    • Size

      125B

    • MD5

      e1b26d57301dd20ec11d8ccd7773bd6b

    • SHA1

      ba166cf9ce418fa1f2449145757f90bd62290122

    • SHA256

      fba319eab7709626794b7d7df3bccb40cb94e9bf848d87514048ee63e3a72167

    • SHA512

      90e15fadf0811df2a019b1f0d38a1b012d2721aab2e541f73628bfa967b3a40b96e747ce5272ab039b7093b3e7a11484c57916b90269aec18956f0441657cd32

    Score
    1/10

    • Target

      dqjg.vbs

    • Size

      123B

    • MD5

      93161579105c73b25b3f5dc1995fcd26

    • SHA1

      957741779f236d217e536a62f596b92b01c0cf11

    • SHA256

      28c792bc9e3924bd5124b32c5618f583e80460f2e0f094288e1f90040321c90e

    • SHA512

      eaf43dabc5a81a08395a54b857adae7ba398f337e781a60198fd7bf1b64e98008336a8ae4765fd42756f81e56c508c8a5e649a21b11c1db69fe60bf3b5977871

    Score
    3/10

    • Target

      th5rk551.uku.ps1

    • Size

      1B

    • MD5

      c4ca4238a0b923820dcc509a6f75849b

    • SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

    • SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    • SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Score
    1/10

    • Target

      vuso.ps1

    • Size

      154KB

    • MD5

      07f743d7d5bff6f276abdf9c782e3f91

    • SHA1

      7dd2d5f5e1a7857b7173629139a7d1916b3977b2

    • SHA256

      3aa145e796c24355657a378a74fcde3edd401736b75ec6446c085f813069c5d9

    • SHA512

      357b9da6abf72319ddd7cd917e1deb36bf149c96388cfc7500c7cf0d321aba8dfcde8fb61f66e8128b5308330f27687d60d073b236a436994b33427ef60d2490

    • SSDEEP

      3072:xpNVyYnJt0WOUkX6U1O315T3Apmf+QIQG:xpmYnz03Uk2315T3Apmf+QI7

    Score
    10/10

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks