Analysis Overview
SHA256
514e616e306a303bc6239c10b2b841466082130a9c0321f36c06df217c4ff9b2
Threat Level: Known bad
The file hueta.rar was found to be: Known bad.
Malicious Activity Summary
Stealerium family
Detect ZGRat V1
AsyncRat
ZGRat
Asyncrat family
Zgrat family
Stormkitty family
Async RAT payload
StormKitty payload
.NET Reactor protector
Loads dropped DLL
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2023-10-22 17:47
Signatures
Async RAT payload
Asyncrat family
Detect ZGRat V1
Stealerium family
StormKitty payload
Stormkitty family
Zgrat family
.NET Reactor protector
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-22 17:47
Reported
2023-10-22 17:54
Platform
win10v2004-20231020-en
Max time kernel
153s
Max time network
223s
Signatures
AsyncRat
Detect ZGRat V1
ZGRat
Async RAT payload
.NET Reactor protector
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hueta\Anarchy Panel.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\hueta\Anarchy Panel.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\hueta\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\hueta\Anarchy Panel.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
memory/1668-0-0x00000000005C0000-0x0000000003C5E000-memory.dmp
memory/1668-1-0x00007FFD5F5D0000-0x00007FFD60091000-memory.dmp
memory/1668-2-0x00000000042F0000-0x00000000042F1000-memory.dmp
memory/1668-3-0x000000001EA30000-0x000000001EA40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
| Hash | Value |
| --- | --- |
| MD5 | 56a504a34d2cfbfc7eaa2b68e34af8ad |
| SHA1 | 426b48b0f3b691e3bb29f465aed9b936f29fc8cc |
| SHA256 | 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961 |
| SHA512 | 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7 |