General

  • Target

    SeedsChecker.zip

  • Size

    66.6MB

  • Sample

    240527-3j6n3aeb6y

  • MD5

    e7bbd4219802c7424bbdf900399df6f7

  • SHA1

    d409c40deb9e2e16dea1ed186a1ead69c5872ecc

  • SHA256

    dc4aa0cfe4379b2ae5a8d10a81f7d04f45a8060765dad726a19ec0b2e881c7c9

  • SHA512

    687fdd77ddd3e4e534539863e07ad6890aac148b7c6dba9ae1b00977feb6fe04d6ad63c08482ac1ac9487599d67e64e9af9789bac32b7842a06a9372abed5cbe

  • SSDEEP

    1572864:L/RrcztdZ+FfuKEXCZwopRNmkF4S7Lsnv/QROejRRywF:L/RrcJdwGSZpRQVSvsvqZNF

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

80.79.7.197:6606

80.79.7.197:7707

80.79.7.197:8808

80.79.7.197:8888

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    true

  • install_file

    Runtime.exe

  • install_folder

    %AppData%

aes.plain
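The extracted configuration above (C2 host and ports, mutex name, install file and folder) is directly usable for detection. The following is an added example, not part of the sandbox report or of AsyncRAT itself: it turns those fields into a small IOC matcher over newline-delimited JSON events in a minimal Sysmon-like schema (event ids 1, 3 and 11 with the field names shown in the docstring are an assumption made for the example), plus an optional live mutex check that only runs on Windows. The sample events are constructed, not real telemetry.

```python
"""
Added example (not from the sandbox report or the AsyncRAT project): match
the AsyncRAT config extracted above against Sysmon-style JSON events.
"""
import json
import re
import sys
from typing import Optional

# IOCs copied from the extracted config in the report.
ASYNCRAT_IOCS = {
    "c2_hosts": {"80.79.7.197"},
    "c2_ports": {6606, 7707, 8808, 8888},
    "mutex": "AsyncMutex_6SI8OkPnk",
    "install_file": "Runtime.exe",
    "install_folder": "%AppData%",  # normally C:\Users\<user>\AppData\Roaming
}

# %AppData%\Runtime.exe as a case-insensitive path suffix.
_INSTALL_RE = re.compile(r"\\AppData\\Roaming\\Runtime\.exe$", re.IGNORECASE)


def match_event(event: dict) -> list:
    """Return the IOC hits for one event (empty list means no hit).

    Assumed minimal Sysmon-like schema for this example:
      {"id": 3,  "dst_ip": ..., "dst_port": ...}      # network connection
      {"id": 11, "target_file": ...}                  # file create
      {"id": 1,  "image": ..., "command_line": ...}   # process create
    """
    hits = []
    eid = event.get("id")
    if eid == 3:
        ip, port = event.get("dst_ip"), event.get("dst_port")
        if ip in ASYNCRAT_IOCS["c2_hosts"]:
            # IP plus one of the configured ports is a full match; the IP on
            # another port is reported separately as a weaker indicator.
            if port in ASYNCRAT_IOCS["c2_ports"]:
                hits.append(f"c2:{ip}:{port}")
            else:
                hits.append(f"c2-host-only:{ip}:{port}")
    elif eid == 11:
        if _INSTALL_RE.search(event.get("target_file", "")):
            hits.append("install_file_dropped")
    elif eid == 1:
        if _INSTALL_RE.search(event.get("image", "")):
            hits.append("install_file_executed")
    return hits


def scan(lines) -> list:
    """Scan NDJSON events; return (line_no, hits) for every line with a hit."""
    results = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        hits = match_event(ev)
        if hits:
            results.append((n, hits))
    return results


def mutex_present(name: str = ASYNCRAT_IOCS["mutex"]) -> Optional[bool]:
    """Live host check: True/False on Windows, None on other platforms.

    AsyncRAT creates its configured mutex at start-up, so an existing mutex of
    this name on a running host is a strong indicator of an active infection.
    """
    if sys.platform != "win32":
        return None
    import ctypes
    SYNCHRONIZE = 0x00100000
    kernel32 = ctypes.windll.kernel32
    kernel32.OpenMutexW.restype = ctypes.c_void_p
    handle = kernel32.OpenMutexW(SYNCHRONIZE, False, name)
    if handle:
        kernel32.CloseHandle(ctypes.c_void_p(handle))
        return True
    return False


# Constructed sample events (not real telemetry). Line 7 is deliberately malformed.
SAMPLE_EVENTS = r"""{"id": 1, "image": "C:\\Users\\bob\\Desktop\\sdcheck\\SeedsChecker.exe", "command_line": "SeedsChecker.exe"}
{"id": 11, "target_file": "C:\\Users\\bob\\AppData\\Roaming\\Runtime.exe"}
{"id": 1, "image": "C:\\Users\\bob\\AppData\\Roaming\\Runtime.exe", "command_line": "Runtime.exe"}
{"id": 3, "dst_ip": "80.79.7.197", "dst_port": 6606}
{"id": 3, "dst_ip": "80.79.7.197", "dst_port": 443}
{"id": 3, "dst_ip": "93.184.216.34", "dst_port": 443}
not json"""

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_EVENTS.splitlines()):
        print(line_no, hits)
    print("mutex present:", mutex_present())
```

The first sample event (the original SeedsChecker.exe launch) produces no hit on purpose: the dropper's own hash is the better indicator for that stage, while the config-derived indicators cover the persistence copy and the C2 traffic that follow it.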

Targets

    • Target

      sdcheck/SeedsChecker.exe

    • Size

      10.5MB

    • MD5

      5f7e0d25b165b9afcc3e6ca2bb135a47

    • SHA1

      72cbc2583a2dd5078a0edb83b153f38fb5ddb085

    • SHA256

      b94bb64c9f1e39f900c095b2034d3302a2a1cfeca08096ac71ecd24b5a25c61d

    • SHA512

      fd87ba28b3cd39b7938eba27d95588cacb51dd3e46c5f79282f3a2693e78387c1032b58b1186eae052a4d33680863c609588888dff46a3fb2542860eda4329fc

    • SSDEEP

      196608:BVE0qzgg7MlG6g4kpQbjHqsQLTJeriQAu8VAbC7EzpIjtoTSam0nuYaf:BV5qz7J6gKbjq1d4iFuE+CQzpI2+l0nu

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Target

      sdcheck/module.exe

    • Size

      40.1MB

    • MD5

      926853fdfffb1a4645f22bb5b7e10d71

    • SHA1

      8cfddabdd2d38175a51cd228b0a25ea0cec6f043

    • SHA256

      bde124a6ff61b44ca4313c5860535cb2b49693e602eee6746b3af7dec5623c17

    • SHA512

      64cbc3f1dc1a1c6f36df0277c1d96da2f5d3c1265149e425f9d6063015d78e96c4b604aeb6e6734a01140ec5bf4d925d1c4c2130f43f1f9e5ab432583c4630e8

    • SSDEEP

      786432:yFNHjOvEt1KXZfKXZhu14yyGifQARGMbExzZAZktBbNgx:yFNDQEaiq184A8YE5yYy

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks