General

  • Target

    sample.7z

  • Size

    5KB

  • Sample

    240216-z9bd3afg3z

  • MD5

    ff70a70d8843280bec01b78bbbf7e8d7

  • SHA1

    5b02b0b38a4218c0da3cf5f28e237792b988ec65

  • SHA256

    57db34be899c1fd7ad39de16d63f4495980d54de32f9bd35e64461fb9000516f

  • SHA512

    0696ab6e1c83694eceeebab286390d808fc2d44b8269c638a82598be10bc98c9de6fa283f140c50e2249518d33cde4030949e8e8587735fae76e0da67c86dfad

  • SSDEEP

    96:ePcIoh7czVmSwdS2sXSsELMu7MaWJILmNWajEk9+fEcQ84P5Y:+VmVdMisjcMNcmcajEhfJQBu

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.107.183.105:555/w.jpg

Extracted

Family

asyncrat

Version

AWS | 3Losh

Botnet

danny

C2

r0nj.ooguy.com:7777

Mutex

AsyncMutex_alosh

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Scan001-StatementReport.wsf

    • Size

      31KB

    • MD5

      99ec5f8d2779e65e64c54265f8ee1547

    • SHA1

      593116987bdd5119eceec7882c8fbd11fae139f2

    • SHA256

      62edf192312ffa77440aaac0de4b693126e2c14e6a96c9764de45fc4ff6c2ef1

    • SHA512

      e39896113ea391097335b2c93d9d6dd76b255281c0aebc948c8a47ecd83fd7e1997ac224a30f108153b17d37f4fdd75dbce2a8d6ed9f5034af34293083cc4cbe

    • SSDEEP

      768:Fs0IeoVcogHzATv4MR1b6rONCps0IeoVcogHzATv4MR1b6rONCD:pMXKceMXKcs

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks