Overview

Per-task scores (tab bar, score out of 10 for each sample/environment pair):

  Overview                                     10
  Static                                       10
  Config.txt             windows7-x64           1
  Config.txt             windows10-2004-x64     1
  Loader.exe             windows7-x64          10
  Loader.exe             windows10-2004-x64    10
  imgui.ini              windows7-x64           1
  imgui.ini              windows10-2004-x64     1
  intercepti...LY.bat    windows7-x64           8
  intercepti...LY.bat    windows10-2004-x64     8
  intercepti...on.exe    windows7-x64           1
  intercepti...on.exe    windows10-2004-x64     1
  interception.dll       windows7-x64           1
  interception.dll       windows10-2004-x64     1
General
  Target:  cracked.rar
  Size:    1.2MB
  Sample:  240120-pp777aabf4
  MD5:     48c3b352815687234401204ab23547d6
  SHA1:    8fd6f3f29c0dd3060c4c0c9d651ac51de1e7cbb9
  SHA256:  25c79d85a77a8597c3f4826e61b342a636db2a72867c8733ee82237a5270478f
  SHA512:  ed18a98337dd27effa82986d0b7b537ab6c13416610318d18b42287de107cbd5919195c99f2e4fd600148ed8647cc201d7cd79c60d14bd4203d3031688b038fa
  SSDEEP:  24576:/b1j1cpiIq8H/jz1DZbaJoJysTYKNfRdvi+aXO//ESDZTi:Znmj76oJyafRUOUSD9i
Behavioral tasks (task, sample, sandbox resource)
  behavioral1    Config.txt                                              win7-20231215-en
  behavioral2    Config.txt                                              win10v2004-20231215-en
  behavioral3    Loader.exe                                              win7-20231215-en
  behavioral4    Loader.exe                                              win10v2004-20231215-en
  behavioral5    imgui.ini                                               win7-20231215-en
  behavioral6    imgui.ini                                               win10v2004-20231215-en
  behavioral7    interception install/install - RUN THIS ONE ONLY.bat    win7-20231215-en
  behavioral8    interception install/install - RUN THIS ONE ONLY.bat    win10v2004-20231222-en
  behavioral9    interception install/install-interception.exe           win7-20231215-en
  behavioral10   interception install/install-interception.exe           win10v2004-20231215-en
  behavioral11   interception.dll                                        win7-20231129-en
  behavioral12   interception.dll                                        win10v2004-20231215-en
Malware Config
  Extracted: asyncrat
  Default
    kreyze.ddns.net:6969
    GΔ德Αo杰rE5c5lCy4ΘxΔJ4
    delay:          1
    install:        true
    install_file:   Lethal.exe
    install_folder: %AppData%
Targets

  Target:  Config.txt
  Size:    449B
  MD5:     c893ab3d41a5c56c71f48306fd81beba
  SHA1:    6e989960d5a3e8cce9ecb9604d8b1f108573d86e
  SHA256:  dd590f4142ac0c5d3703e5d63ade66895baf42ca8add129abfbf45e5fcb6d61f
  SHA512:  63054f89afa6e1178523df2bf070c87a0946825761a309b6c19453ea9e57783f95a9a82076f54ec16ecb3cc72aa765e56e16b9ff53d9aa6708b2dc62fc5d1cec
  Score:   1/10
  Target:  Loader.exe
  Size:    2.6MB
  MD5:     8082ee1d13679d422e2f6b66762c7856
  SHA1:    507dbc37bd3b205ea2a6dd5b99a1e812c9dc158f
  SHA256:  9946a4f8a0436c28f3087416ddf66271e190be5b00f15aad675ec658a5c666d4
  SHA512:  450d2132f73232f0c0d89ed0f4a00075c776064fe8b75e5da7f397b823481bb083c73dbad2677fc6ca189dc669323f8c217af446f6747f2ed0bd534bb235dbe5
  SSDEEP:  49152:HXAHwKoY0QBEIlxAXXjnAWht2yPukufIx/XHuTsLQiMsbntnrehZ52I:wHwnYYXHCkufIJGmMs9ej52
  Signatures:
    - Async RAT payload
    - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    - Executes dropped EXE
  Target:  imgui.ini
  Size:    186B
  MD5:     a988d967f7c35f95d0af675d541f36e3
  SHA1:    ea73427a1640aaad64675753a76745b3c011ef17
  SHA256:  bbe49e945960546a320426df68ac1fb06c0996ce8191fcfdc1b64cbc54bd975e
  SHA512:  a2638b5b4810f3598a35ee1f1adbb9e31a6fee447688d12e01805990aa5e47598ddbbd911f966f7eac5e42a5164b836521693c4c411232c5132d0a9a182b4dc4
  Score:   1/10
  Target:  interception install/install - RUN THIS ONE ONLY.bat
  Size:    196B
  MD5:     9264dd8aadf4d5c009c5f85cddef13fa
  SHA1:    67b8cd0009b2c02099e7597f8c6e151100dde4b3
  SHA256:  49e29a9898b6b9134223b0b73f98a8e9f0e3aef6a025d4060eb50ceb1234cf82
  SHA512:  b0f5afbcf1c6732d3aea43f1893b66b2d4ed6b98342bd6ce5af5552824aec9588586c212758f4b396d890f8353edaf2edfc8d65ec194a9d2b16f6e1a6db63438
  Score:   8/10
  Signatures:
    - Drops file in Drivers directory
  Target:  interception install/install-interception.exe
  Size:    459KB
  MD5:     0f0b50d92e030b8965ce669c8058fa6e
  SHA1:    257b3f0402285a29f4618b32958c208b3e9d4c4d
  SHA256:  e137863a79da797f08e7a137280ff2a123809044a888fd75ce9c973198915abe
  SHA512:  fc7c384fd6f682ad01b598abf87c522b38068f4488cea6dc7bd6dedd66e995e4d8fb583c54c6afed0c4c7a9a2318bb6ed257bb3cbd0e48fae83a7819d1167d79
  SSDEEP:  6144:+sglhAWORQG8O1dMDmJPjQy4xZWLUKc2:+s4LjGvMk74+B
  Score:   1/10
  Target:  interception.dll
  Size:    11KB
  MD5:     fe8b2a022297aa36a3546391221f635a
  SHA1:    346e04907eb628372f459fbbf109b6cff57cac13
  SHA256:  ab88164c11b1b48488772d4c3bfaa4509d5b0ae9dbc5a691dc4f96f0260443c8
  SHA512:  fa203db607cb1154f7ac84e64b236b19ff29abab1b443609648ee3fafa53581c22420edd1f5ed2c522ab7f3c2577c73822eafbf143a8c80914a3061193b10a1c
  SSDEEP:  192:wBKz1mGyRWIddjlkuSCqPDKSyFVzhveZhAk3M+j4sreC:EKsGyRhdtlkuSCLS8VcZhP344
  Score:   1/10