General

  • Target

    09148815f73308ece427de20b5add6d5a7f8eca04ecaea21cf541c6c247c4ac5.zip.zip

  • Size

    1.7MB

  • Sample

    231107-rhcttage6v

  • MD5

    9f795bf67c5d71bb77615b7cd17e6623

  • SHA1

    657f89aa5f36d00866a63b021b5bb971001783dc

  • SHA256

    b7588fbfab6048762da16c3072b3e65f0aeeed3511d66585ab7e346571f28217

  • SHA512

    8c66f9a5f88e29f4d641cfdb5221758102564f6c42815ed3934ba128a7d8ceb973d2532c5e8af4a30261431504983437758bc09d4921b70875e366052c5daf27

  • SSDEEP

    49152:QxrmsaFNmLrCFbyj8Ja21/6nnl1nEgJSAeMrgc3XdCS:QIYLrCFbiuaUynIScMrbXT

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • C2

    217.64.31.3:8808

    217.64.31.3:8437

  • Mutex

    Windows System Guard Runtime

  • Attributes

    • delay

      3

    • install

      false

    • install_file

      Windows Session Manager

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      Pandora-Hvnc-Hidden-Browser-Real-Vnc-Working-Chromium-Edge-Opera-Gx-main/Pandora Hvnc Hidden B Vnc/Hidden Vnc Full Not pasted‮nls..scr

    • Size

      799KB

    • MD5

      98d7999986d63fbd914bddc3d7b7ecf9

    • SHA1

      7c528fb3cc427791482f7a84923a21621cfb9675

    • SHA256

      144a026bb63a29b36a3437094c4f53cf1cb135edcbe15ab06e35fb8759129bfc

    • SHA512

      13bb42bf2078b3407af5786e9c1d057a306cba561519f905e4ba3fa1acaf8687551c70941775daa89394384808b6524659cda354a715e5ab3c3cba558c065616

    • SSDEEP

      12288:v41SrH22qla5w/yXbxixFcRMFQIkeNCSo9mbX8:v0SrH0MW/IbxiYCQIkeNCSBQ

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detect PureCrypter injector

    • Detect ZGRat V1

    • Modifies WinLogon for persistence

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    • Target

      Pandora-Hvnc-Hidden-Browser-Real-Vnc-Working-Chromium-Edge-Opera-Gx-main/Pandora Hvnc Hidden B Vnc/IcarusLib/IUnsafeCodec.cs

    • Size

      1KB

    • MD5

      dbbf81af39f414edd3f7786e8050f5e6

    • SHA1

      cc160fe65f01ca0d817257e4739cb0428cc7e624

    • SHA256

      09547a4ead396854eba62265d9962b80aac26ab0c9275f77b9c9a1efa6f7cb41

    • SHA512

      b9728f3d866a84bc7674b059f8b433eb8aa06327dac71abff31b2dca93c853b7f4e01f8422eaa4f3623f51ea1f1392f2fafcf9cd91cfac044ad660e8cf0a660c

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks