General

  • Target: 392b296594fa52c9dea628b9ef2cc329
  • Size: 84KB
  • Sample: 231205-wht6baea87
  • MD5: 392b296594fa52c9dea628b9ef2cc329
  • SHA1: da9a2369edc6a2ffe6993f1447dfc35b3739b1b6
  • SHA256: 248cea4d239e6f36af672ced25e973dfceed1f14ab4c01512304af4b30493654
  • SHA512: 15fc28abf25c3523055d1ad96dfb7581e913caf19f634b766884799bd7b0820430edfb5f205c13b3e8f2f5f9fb3f0099dcd4a14a32db2040f8494cf4a7260d37
  • SSDEEP: 1536:ojCb9I1CLAsUPqqOwCzMzmwuKy1REzUWTjaxqOws1z7k5HJgIdWrv08xc4L0c9bJ:osxJqUwupEzPjaxSt5HJsv0Gc4tjm0v

Malware Config

Extracted

  • Family: asyncrat
  • Version: | Edit 3LOSH RAT
  • Botnet: Default
  • C2:
      milan.giize.com:6606
      milan.giize.com:7707
      milan.giize.com:8808
  • Mutex: AsyncMutex_alocvfxxsh
  • Attributes
      • delay: 3
      • install: false
      • install_folder: %AppData%
  • aes.plain

Targets

  • Target: stodio.bat
    • Size: 240B
    • MD5: eb7ab095198f2ac4bfce548fa5768f0a
    • SHA1: b2dfb2748f62fb6e9a4ea1318d1a0349abf7bafe
    • SHA256: 0ee0bc61ef4263ca51688526a68cfe9a18dcb665b83fe7c61fbf03624804cc91
    • SHA512: 9a61567e119ee5f425d41a7ac93097de5094b1c955ee8d845a3384800629658ec979660d36c366dbc620906b4444ca4f80262dcd634bb8b7e9a58ba71e015170
    • Score: 1/10

  • Target: stodio.ps1
    • Size: 310KB
    • MD5: c93f2c6a2d7b7d714dafbe4033ba4dae
    • SHA1: 7514e448bee6b3b4713624aed026eaab6d6824b0
    • SHA256: 4a1d4326c45e7b93433aa2c29d3f892a80b80daa1a4338563ac25948daf14a5a
    • SHA512: 173f180380c8120698cb695c21ef8b6589a29c73b899d1c0f8a5de5cc5d271ea23f41d09f920252a6ee889fe047e08d1d68600b204a8c128aa167fa01ec08cc6
    • SSDEEP: 3072:L/GY5RnWnB2PhGx2WyA+P00/QkkilGeANm7LEFkMW8G:bGr2PhGx2WyA+P00/QkkilGw3ykMW8G
    • AsyncRat: AsyncRAT, written in C#, is designed to remotely monitor and control other computers.
    • Detect ZGRat V1
    • ZGRat: ZGRat is a remote access trojan written in C#.
    • Async RAT payload
    • Suspicious use of SetThreadContext

  • Target: stodio.vbs
    • Size: 2KB
    • MD5: 08013d5a23f8a6a47543e55260992e13
    • SHA1: e15610a3f106ea4be584f805a02441af4026316b
    • SHA256: fe26ba12a9ed10bc5d59ca5f186e66302482a69019d21fef8b1f2635942593a5
    • SHA512: 244b57a0bf339e536b5593492686631e492ce6eb54d4586305eefe44af28ea25a33d9f2efa28293545cd3d0997ad40af4fa8301cc2669c86fb012e0bdb39f1eb
    • Score: 7/10
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.

  • Target: zilla.bat
    • Size: 239B
    • MD5: fdfe802abefe653f23aeedf7762fa12a
    • SHA1: f5b98a87c74c2919b9e27871ea8b4c2ce8acfad2
    • SHA256: af3c368631fb276e5e2e97d082d0b1222ed0db7d327fc699f35106e071c7f33d
    • SHA512: 97ab620c439f3c715788a59925c00d224d47d06a5d7eec1786d6bcb0d66523532cadef9703a0488a597fdae6bf14e1817f0678bff7b824282f7ff70b6920e217
    • Score: 1/10

  • Target: zilla.ps1
    • Size: 744B
    • MD5: 89024005b401a02787ce1980f13059a8
    • SHA1: 9b125feeff3bdaf16b37c2ca61fc306e78185838
    • SHA256: 545cdf22eedf39ddfdd534b8cda7334209cf1ad0aecfe6980abceb257c07f04a
    • SHA512: c218029ce274da66a429ddd1f52b6076f0075ed91cb0d2700e19e0e63c6e70d097b27ddba1e2c6cb0e1c67d9ed85c036b74f2005ed09252adba28784db9fde56
    • Score: 1/10

  • Target: zilla.vbs
    • Size: 272B
    • MD5: 695adf66be87c67eef4fde2414284e5e
    • SHA1: 16b035af8a91298c4c59d21b05d6f9765d207bd8
    • SHA256: 0d80d671ef5e4405539c5d74f25e8bbccacf14237500f475e12fc2408bd87d89
    • SHA512: fed573f9b868fcd35ad6e2a524ad81579596e2546adee7b9570b61836de92e961de737feb00652fc5093375c936373e89cca21a70cf48f20b66ea3dadd82bed7
    • Score: 7/10
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 3
  • System Information Discovery (T1082): 4

Tasks