asyncrat | 06f916d0e2860c5a0ae4e6256a5cf55be9e425d7a6d3ede529299be71b413b06 | Triage

Resubmissions

05/11/2023, 22:53

231105-2t5zvaeb2x 10

Sharing

General

Target

VTOLVR-ModLoader_H80Z7ZF.exe
Size

166.3MB
Sample

231105-2t5zvaeb2x
MD5

d12d22f45c51d21b1e3ffd2dd3655e83
SHA1

2e3d2c844d6d54c7c4b7dca41986ec9dbfacd067
SHA256

06f916d0e2860c5a0ae4e6256a5cf55be9e425d7a6d3ede529299be71b413b06
SHA512

d26536e4808590fbaa2bcb1bf6be46526b1327f1e700b1f7414a70d0f5b7c3f1e36b7cfb3eb9c393c6ed783c1d04810012375727ca85524d81c603a55ab74118
SSDEEP

1572864:6+8IZ6lU/gm92tuB+chCE9GQs/vvKCk6XDn:pZ6O/gmYYB+ch/9K/3KUj

Score

10^/10

asyncrat rat

Malware Config

Targets

- Target
  
  VTOLVR-ModLoader_H80Z7ZF.exe
- Size
  
  166.3MB
- MD5
  
  d12d22f45c51d21b1e3ffd2dd3655e83
- SHA1
  
  2e3d2c844d6d54c7c4b7dca41986ec9dbfacd067
- SHA256
  
  06f916d0e2860c5a0ae4e6256a5cf55be9e425d7a6d3ede529299be71b413b06
- SHA512
  
  d26536e4808590fbaa2bcb1bf6be46526b1327f1e700b1f7414a70d0f5b7c3f1e36b7cfb3eb9c393c6ed783c1d04810012375727ca85524d81c603a55ab74118
- SSDEEP
  
  1572864:6+8IZ6lU/gm92tuB+chCE9GQs/vvKCk6XDn:pZ6O/gmYYB+ch/9K/3KUj
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2