General

  • Target

    d8b419a7321b6fbb2cad460e1cc432d9

  • Size

    142KB

  • Sample

    240320-nqyjpsff35

  • MD5

    d8b419a7321b6fbb2cad460e1cc432d9

  • SHA1

    97a3c27fb58a7991e2c788d7e81d6a0d874cc746

  • SHA256

    9dadace0560d2aeecb8ff0ecb07e59231e6bd021ddd99f6d24fac83bcf9d7c52

  • SHA512

    668aa802057a78d27e6f0edf6141448b09b87a7487fcd5c52cd26173788b04a13ed6ac04cc6d210010b43f9b575a9aa25b5f655aa5d83df0010f4e909d1fd6b7

  • SSDEEP

    3072:8vNVwwG24+NCFc4tEzWpeINBcs52q8Ys0Y6:8lVy+NSx9NB

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.6A

C2

ramt.mooo.com:8855

Mutex

hclgklsveadshr

Attributes
  • delay

    5

  • install

    false

  • install_file

    MicrosNet.exe

  • install_folder

    %AppData%

aes.plain
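The extracted configuration above gives the network and host indicators a responder would pivot on: the C2 host and port, the mutex, the install file name and the file hashes. The script below is an added example, not part of the sandbox report, that runs those indicators over a few constructed endpoint events (the event record layout and the sample events are assumptions standing in for EDR/SIEM output). One caveat the config itself carries: install is false, so this client is not configured to copy itself to %AppData%\MicrosNet.exe; the example still flags such a drop, but labels it as unexpected for this configuration rather than silently accepting it.

```python
"""Match the indicators from the AsyncRAT report above against endpoint events.

Added example, not part of the sandbox report.  The indicator values are
copied from the report; the event record layout and the sample events are
constructed for this example and stand in for whatever your EDR/SIEM emits.
"""
import hashlib
import re

# Indicators taken from the report.
C2_HOST = "ramt.mooo.com"
C2_PORT = 8855
MUTEX = "hclgklsveadshr"
INSTALL_FILE = "MicrosNet.exe"        # install_file, dropped under %AppData%
INSTALL_ENABLED = False               # report: install = false
HASHES = {
    "md5": "d8b419a7321b6fbb2cad460e1cc432d9",
    "sha1": "97a3c27fb58a7991e2c788d7e81d6a0d874cc746",
    "sha256": "9dadace0560d2aeecb8ff0ecb07e59231e6bd021ddd99f6d24fac83bcf9d7c52",
}

# %AppData% expands to C:\Users\<user>\AppData\Roaming on a default install.
_INSTALL_PATH_RE = re.compile(
    r"\\AppData\\Roaming\\" + re.escape(INSTALL_FILE) + r"$", re.IGNORECASE
)


def hash_matches(data: bytes) -> dict:
    """Return {algo: bool} for each hash listed in the report.

    Per-algorithm results matter because partners often share only one
    hash type; a single True is enough to confirm the file.
    """
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in HASHES.items()
    }


def match_event(ev: dict) -> list:
    """Return the indicator names one event matches (empty list = no hit)."""
    hits = []
    kind = ev.get("type")
    host = str(ev.get("dest_host", "")).lower()
    if kind == "dns" and host == C2_HOST:
        hits.append("c2_dns")
    elif kind == "net":
        # The C2 is on dynamic DNS, so match host and port together rather
        # than the IP, which can change between sessions.
        if host == C2_HOST and ev.get("dest_port") == C2_PORT:
            hits.append("c2_connect")
        elif host == C2_HOST:
            hits.append("c2_host_other_port")
    elif kind == "mutex" and ev.get("name") == MUTEX:
        hits.append("mutex")
    elif kind == "file" and _INSTALL_PATH_RE.search(str(ev.get("path", ""))):
        # install=false in this config, so a drop here would be unexpected
        # and worth a closer look rather than a reason to discard the hit.
        hits.append("install_path" if INSTALL_ENABLED else "install_path_unexpected")
    elif kind == "task" and INSTALL_FILE.lower() in str(ev.get("command", "")).lower():
        hits.append("scheduled_task")   # ATT&CK T1053 from the matrix below
    return hits


def scan(events: list) -> dict:
    """Map each event index to its hits, dropping events with none."""
    result = {}
    for i, ev in enumerate(events):
        hits = match_event(ev)
        if hits:
            result[i] = hits
    return result


# Constructed sample telemetry (not from the report).
SAMPLE_EVENTS = [
    {"type": "dns", "dest_host": "ramt.mooo.com"},
    {"type": "net", "dest_host": "RAMT.mooo.com", "dest_port": 8855},
    {"type": "net", "dest_host": "update.example.com", "dest_port": 443},
    {"type": "mutex", "name": "hclgklsveadshr"},
    {"type": "file", "path": r"C:\Users\bob\AppData\Roaming\MicrosNet.exe"},
    {"type": "task", "command": r"C:\Users\bob\AppData\Roaming\MicrosNet.exe"},
    {"type": "mutex", "name": "Global\\SomeOtherMutex"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx], "->", hits)
    # The sample bytes are not the real file, so every digest comes back False.
    print(hash_matches(b"MZ\x90\x00 not the real sample"))
```

Matching the C2 on host name plus port rather than on a resolved IP is deliberate: mooo.com is a dynamic DNS service, so the address behind ramt.mooo.com can change between sessions while the name and port in the config stay fixed.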

Targets

    • Target

      d8b419a7321b6fbb2cad460e1cc432d9

    (size, hashes and score for this target are as listed under General)

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution: Scheduled Task/Job (T1053) - 1

  • Persistence: Scheduled Task/Job (T1053) - 1

  • Privilege Escalation: Scheduled Task/Job (T1053) - 1

  • Discovery: Query Registry (T1012) - 1

  • Discovery: System Information Discovery (T1082) - 2
