General
- Target: 7d5053287343d71bf9e3b913d4e4e551.bin
- Size: 419KB
- Sample: 240425-b339hadb8s
- MD5: f2dcc50bd23d11b299989692cf430055
- SHA1: 80c99b81e3af83fe9066bfff9a97fa0d3f443e85
- SHA256: 7fe8e4a32128aef7551bf450c770982d4756f838ace3cfdb393001600dcf88a0
- SHA512: a9fa60f84b0d735139b24265cee4dfaba88e0ee117bf689152c417d52eb6fd2aa112140cd52c02bd91d626d4436d3f95a60a88f3d2be1a1edf5873be1cdf43fa
- SSDEEP: 12288:j5/G2Sy2NJHQ7yPHPYPPmMDN/GXZ3ACEW3JajUbU8:VbkJw7yPHPYPuMDYJb3DQ8
Static task: static1
Behavioral task: behavioral1
- Sample: 48cd145349ebdb8a3728c8c55b9e5a59df2ee7676a847afa340d7f88ae24cfd1.exe
- Resource: win7-20231129-en
Malware Config
Extracted
asyncrat
1.0.7
BSOD_New
Mika
- delay: 1
- install: false
- install_file: UpdateTaskMachineUa.bat.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/F7c4dqk3
Targets
- Target: 48cd145349ebdb8a3728c8c55b9e5a59df2ee7676a847afa340d7f88ae24cfd1.exe
- Size: 426KB
- MD5: 7d5053287343d71bf9e3b913d4e4e551
- SHA1: 822191da126f6d18cbc110e02473afb0528751bd
- SHA256: 48cd145349ebdb8a3728c8c55b9e5a59df2ee7676a847afa340d7f88ae24cfd1
- SHA512: 801a414806c2ff4a8db764dd4d1fa9b2ad06ac7976fd5a98079362c33583dce246f95dd76427f911d0674d07d3ebd26085773653ca52ba779e2707f202428bd3
- SSDEEP: 12288:qoE0Q+9PzNEAVTH2BKlYZQ/yKrFvM/2SwJ:F1L9zLLCKlAQqEva25
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)
- Virtualization/Sandbox Evasion (2)