Overview

overview

10

Static

static

1

big.ps1

windows7-x64

1

big.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    big.ps1

  • Size

    11.2MB

  • Sample

    240418-m933vsbc47

  • MD5

    cbf8ae11065184964e7ee9533836c668

  • SHA1

    34047bde03d2615d876d21106538e27132c81ae6

  • SHA256

    791722d558475d9ed6219a5b22c6cb2df2a18928a5cc5b7b341f59fc024093c9

  • SHA512

    a5e9b59a00327f0da6006f43edff006caf26271f7d25a1bcc094bc9d94db9da63fc6fbe26183a1745acf6e2fe86b1f600725c7f3677a06bcc7d12e216e764b40

  • SSDEEP

    49152:/H+uozbw6H4JCHhy2rc70OvlOXFSP7gVf:2

Score
10/10
asyncratstealeriumdefaultcollectionratstealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

91.92.252.234:3232

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      big.ps1

    • Size

      11.2MB

    • MD5

      cbf8ae11065184964e7ee9533836c668

    • SHA1

      34047bde03d2615d876d21106538e27132c81ae6

    • SHA256

      791722d558475d9ed6219a5b22c6cb2df2a18928a5cc5b7b341f59fc024093c9

    • SHA512

      a5e9b59a00327f0da6006f43edff006caf26271f7d25a1bcc094bc9d94db9da63fc6fbe26183a1745acf6e2fe86b1f600725c7f3677a06bcc7d12e216e764b40

    • SSDEEP

      49152:/H+uozbw6H4JCHhy2rc70OvlOXFSP7gVf:2

    Score
    10/10
    asyncratstealeriumdefaultcollectionratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

      stealerstealerium

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload

      rat

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks