General
Target: deliverable
Size: 102KB
Sample: 240425-wzy6ladd86
MD5: f3c32cd677c0105b73d1a1b2fca98879
SHA1: 244dd0028a183a3a44e036dd3bcb20f7330e641a
SHA256: 14e3bbfa2fde2674a4626be16c297076c438035fc067a906c405e328562b990c
SHA512: 1f39d29551221327fa46f01d1232730b620cf65c48b54540c9dbeec385c6324e2b98ad8188aecf67089aca8105e3e28665b555d5d7b33565935548c3f2812c3d
SSDEEP: 768:1603LBrePKG3Aiock+wssfaxjLh2cfzXX/bCbhbEpXLaR/9tG5A/YcLlViRVn8nH:1YxjLZfWdbEYR/mqyUvWm
Static task: static1
Behavioral task: behavioral1, sample deliverable.html, resource win7-20240215-en
Behavioral task: behavioral2, sample deliverable.html, resource win10v2004-20240226-en
Malware Config
Extracted: asyncrat (config name: Default)
delay: 1
install: true
install_file: svchost.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/z5PQ82wE
Targets
Target: deliverable
Size: 102KB
Signatures:
- Modifies security service
- Async RAT payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2 (the pastebin_config URL in the extracted config)
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
- Scheduled Task/Job (T1053), 1 hit
Privilege Escalation:
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit
- Scheduled Task/Job (T1053), 1 hit
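The extracted config and the signatures above give three concrete things to hunt for on an endpoint: an svchost.exe installed under %AppData% rather than a Windows system directory, that same image registered as a service or scheduled task, and requests to the pastebin "raw" URL the implant uses as a dead-drop resolver for its real C2. The script below is an added example, not part of the sandbox output: the config values and the pastebin URL are the ones reported on this page, while the victim profile path (C:\Users\victim\AppData\Roaming), the list of legitimate svchost.exe directories and the pipe-delimited telemetry lines are constructed assumptions for illustration.

```python
"""Hunt checks derived from this report's extracted AsyncRAT config and
signatures. Added example, not part of the sandbox output: the config values
and the pastebin URL are taken from the report; the %AppData% path and the
telemetry lines are constructed for illustration."""
import ntpath
from urllib.parse import urlparse

# Values reported under "Malware Config" in this report.
EXTRACTED_CONFIG = {
    "delay": 1,
    "install": True,
    "install_file": "svchost.exe",
    "install_folder": "%AppData%",
    "pastebin_config": "https://pastebin.com/raw/z5PQ82wE",
}

# Directories where a genuine svchost.exe lives (compared case-insensitively).
# Assumption: adjust for non-default Windows install roots.
LEGIT_SVCHOST_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# Hosting services abused as dead-drop resolvers; pastebin.com is the one this
# sample uses, the tuple is meant to be extended.
DEAD_DROP_HOSTS = ("pastebin.com",)


def expand_install_path(cfg, appdata=r"C:\Users\victim\AppData\Roaming"):
    """Resolve install_folder\\install_file the way the implant would.
    `appdata` is a constructed default so the example runs offline."""
    folder = cfg["install_folder"].replace("%AppData%", appdata)
    return ntpath.join(folder, cfg["install_file"])


def is_masquerading_svchost(image_path):
    """True when an image is named svchost.exe but lives outside a Windows
    system directory (the %AppData%\\svchost.exe install this config describes)."""
    p = image_path.lower()
    if ntpath.basename(p) != "svchost.exe":
        return False
    parent = ntpath.dirname(p)
    return not any(parent == d or parent.startswith(d + "\\")
                   for d in LEGIT_SVCHOST_DIRS)


def is_dead_drop_url(url):
    """True for a URL on a hosting service abused as a C2 dead-drop resolver."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in DEAD_DROP_HOSTS)


# Constructed telemetry, one event per line: kind|value|detail.
# Process, service and scheduled-task events carry an image path; network
# events carry the URL requested.
SAMPLE_EVENTS = r"""
process_create|C:\Windows\System32\svchost.exe|-k netsvcs
process_create|C:\Users\victim\AppData\Roaming\svchost.exe|
service_install|C:\Users\victim\AppData\Roaming\svchost.exe|ImagePath
scheduled_task|C:\Users\victim\AppData\Roaming\svchost.exe|\Updater
network|https://pastebin.com/raw/z5PQ82wE|GET
network|https://example.org/index.html|GET
"""

IMAGE_EVENTS = {"process_create", "service_install", "scheduled_task"}


def hunt(events_text, cfg=EXTRACTED_CONFIG):
    """Return (kind, value, reason) for each event matching the report's IOCs."""
    hits = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        kind, value, _detail = line.split("|", 2)
        if kind in IMAGE_EVENTS and is_masquerading_svchost(value):
            hits.append((kind, value, "svchost.exe outside a system directory"))
        elif kind == "network":
            if value == cfg["pastebin_config"]:
                hits.append((kind, value, "pastebin_config URL from extracted config"))
            elif is_dead_drop_url(value):
                hits.append((kind, value, "raw paste on a service used as dead-drop resolver"))
    return hits


if __name__ == "__main__":
    print("expected install path:", expand_install_path(EXTRACTED_CONFIG))
    for hit in hunt(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

The path check is deliberately keyed on the image name plus parent directory rather than on the file hash, because the dropped svchost.exe is the AutoIT-compiled payload, not the 102KB HTML sample whose hashes this report lists; match the dropped file's own hash once you have it. The exact pastebin_config URL is flagged separately from the generic pastebin.com check so the high-confidence indicator from this sample is not lost in the noisier service-wide rule.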