General

  • Target

    cracked.rar

  • Size

    1.2MB

  • Sample

    240120-pp777aabf4

  • MD5

    48c3b352815687234401204ab23547d6

  • SHA1

    8fd6f3f29c0dd3060c4c0c9d651ac51de1e7cbb9

  • SHA256

    25c79d85a77a8597c3f4826e61b342a636db2a72867c8733ee82237a5270478f

  • SHA512

    ed18a98337dd27effa82986d0b7b537ab6c13416610318d18b42287de107cbd5919195c99f2e4fd600148ed8647cc201d7cd79c60d14bd4203d3031688b038fa

  • SSDEEP

    24576:/b1j1cpiIq8H/jz1DZbaJoJysTYKNfRdvi+aXO//ESDZTi:Znmj76oJyafRUOUSD9i

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

kreyze.ddns.net:6969

Mutex

GΔ德Αo杰rE5c5lCy4ΘxΔJ4

Attributes

  • delay

    1

  • install

    true

  • install_file

    Lethal.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Config.txt

    • Size

      449B

    • MD5

      c893ab3d41a5c56c71f48306fd81beba

    • SHA1

      6e989960d5a3e8cce9ecb9604d8b1f108573d86e

    • SHA256

      dd590f4142ac0c5d3703e5d63ade66895baf42ca8add129abfbf45e5fcb6d61f

    • SHA512

      63054f89afa6e1178523df2bf070c87a0946825761a309b6c19453ea9e57783f95a9a82076f54ec16ecb3cc72aa765e56e16b9ff53d9aa6708b2dc62fc5d1cec

    Score
    1/10

    • Target

      Loader.exe

    • Size

      2.6MB

    • MD5

      8082ee1d13679d422e2f6b66762c7856

    • SHA1

      507dbc37bd3b205ea2a6dd5b99a1e812c9dc158f

    • SHA256

      9946a4f8a0436c28f3087416ddf66271e190be5b00f15aad675ec658a5c666d4

    • SHA512

      450d2132f73232f0c0d89ed0f4a00075c776064fe8b75e5da7f397b823481bb083c73dbad2677fc6ca189dc669323f8c217af446f6747f2ed0bd534bb235dbe5

    • SSDEEP

      49152:HXAHwKoY0QBEIlxAXXjnAWht2yPukufIx/XHuTsLQiMsbntnrehZ52I:wHwnYYXHCkufIJGmMs9ej52

    Score
    10/10

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Target

      imgui.ini

    • Size

      186B

    • MD5

      a988d967f7c35f95d0af675d541f36e3

    • SHA1

      ea73427a1640aaad64675753a76745b3c011ef17

    • SHA256

      bbe49e945960546a320426df68ac1fb06c0996ce8191fcfdc1b64cbc54bd975e

    • SHA512

      a2638b5b4810f3598a35ee1f1adbb9e31a6fee447688d12e01805990aa5e47598ddbbd911f966f7eac5e42a5164b836521693c4c411232c5132d0a9a182b4dc4

    Score
    1/10

    • Target

      interception install/install - RUN THIS ONE ONLY.bat

    • Size

      196B

    • MD5

      9264dd8aadf4d5c009c5f85cddef13fa

    • SHA1

      67b8cd0009b2c02099e7597f8c6e151100dde4b3

    • SHA256

      49e29a9898b6b9134223b0b73f98a8e9f0e3aef6a025d4060eb50ceb1234cf82

    • SHA512

      b0f5afbcf1c6732d3aea43f1893b66b2d4ed6b98342bd6ce5af5552824aec9588586c212758f4b396d890f8353edaf2edfc8d65ec194a9d2b16f6e1a6db63438

    Score
    8/10

    • Drops file in Drivers directory

    • Target

      interception install/install-interception.exe

    • Size

      459KB

    • MD5

      0f0b50d92e030b8965ce669c8058fa6e

    • SHA1

      257b3f0402285a29f4618b32958c208b3e9d4c4d

    • SHA256

      e137863a79da797f08e7a137280ff2a123809044a888fd75ce9c973198915abe

    • SHA512

      fc7c384fd6f682ad01b598abf87c522b38068f4488cea6dc7bd6dedd66e995e4d8fb583c54c6afed0c4c7a9a2318bb6ed257bb3cbd0e48fae83a7819d1167d79

    • SSDEEP

      6144:+sglhAWORQG8O1dMDmJPjQy4xZWLUKc2:+s4LjGvMk74+B

    Score
    1/10

    • Target

      interception.dll

    • Size

      11KB

    • MD5

      fe8b2a022297aa36a3546391221f635a

    • SHA1

      346e04907eb628372f459fbbf109b6cff57cac13

    • SHA256

      ab88164c11b1b48488772d4c3bfaa4509d5b0ae9dbc5a691dc4f96f0260443c8

    • SHA512

      fa203db607cb1154f7ac84e64b236b19ff29abab1b443609648ee3fafa53581c22420edd1f5ed2c522ab7f3c2577c73822eafbf143a8c80914a3061193b10a1c

    • SSDEEP

      192:wBKz1mGyRWIddjlkuSCqPDKSyFVzhveZhAk3M+j4sreC:EKsGyRhdtlkuSCLS8VcZhP344

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks