Overview

overview

10

Static

static

3

ExLoaderInstaller.exe

windows7-x64

10

ExLoaderInstaller.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ExLoaderInstaller.exe

  • Size

    15.2MB

  • Sample

    231013-zndmasbg83

  • MD5

    2bcff38582472bb9820b48ef37fb13b1

  • SHA1

    45a03f6b3df933de2645205861667814586d9782

  • SHA256

    7d69630f0ce1e7b87eaffadddef3f01396da6b31ad557f20e6b335c17a85e2bd

  • SHA512

    9b80f10e4537ccf261f8be61fdf6bb2618eab56b90e08e3002255546d977426766f7a2ddd4e29f9a1e9d11e5e0db1a86a148adb466bd8f328fd45077b1db64b2

  • SSDEEP

    393216:S3dLr92PLK1opPmBAZtZZh3vXrcghi9XOyouw328bADt:S3dLkjJPnZtJ3vXrcghi9XOj9MD

Score
10/10
asyncratpcspersistencerat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

PCs

Mutex

jg734hg7er

Attributes
  • delay

    1

  • install

    true

  • install_file

    SecurityHealthSystem.exe

  • install_folder

    C:\Windows\System32

aes.plain

Targets

    • Target

      ExLoaderInstaller.exe

    • Size

      15.2MB

    • MD5

      2bcff38582472bb9820b48ef37fb13b1

    • SHA1

      45a03f6b3df933de2645205861667814586d9782

    • SHA256

      7d69630f0ce1e7b87eaffadddef3f01396da6b31ad557f20e6b335c17a85e2bd

    • SHA512

      9b80f10e4537ccf261f8be61fdf6bb2618eab56b90e08e3002255546d977426766f7a2ddd4e29f9a1e9d11e5e0db1a86a148adb466bd8f328fd45077b1db64b2

    • SSDEEP

      393216:S3dLr92PLK1opPmBAZtZZh3vXrcghi9XOyouw328bADt:S3dLkjJPnZtJ3vXrcghi9XOj9MD

    Score
    10/10
    asyncratpcspersistencerat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks