General

  • Target

    2DFGVCXV.zip

  • Size

    5KB

  • Sample

    231208-c24pbaab3s

  • MD5

    35beb6bfc19b4f3f1a0163f52870394a

  • SHA1

    211362d1784343a46988ca4eae79bb6d99d68d0b

  • SHA256

    e593bbbea1e480fdd8018bdaf481ef9f76f6b7c8cf783603164633bb0f8b2979

  • SHA512

    bd4dc84de924069bf0adc12136badba67c89af49bbe1692631f25c674bce0f2e33c49820f72da019b0a28fe5ab646a438371458ddfe3ddde722b7438f0c86b77

  • SSDEEP

    96:Ende79bSCbn4KLZDe5RuNDZPgDtENtUqwUNGOuKGd3ojfrl:WO9bZbn4KLZD+0NDZcSNtUqwUgiGdS

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.7B

  • Botnet

    Winlozb

  • C2

    46.1.103.124:2341

  • Mutex

    Winlozb

  • Attributes

    • delay

      3

    • install

      false

    • install_file

      Winlogzb

    • install_folder

      %AppData%

  • aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks