General
- Target: 2024-06-01_53b2f792d05e22cea3283bbfaa6bb085_megazord
- Size: 3.4MB
- Sample: 240601-a5brlacd56
- MD5: 53b2f792d05e22cea3283bbfaa6bb085
- SHA1: 94a409e9e4d53418d4674ca2aa05e7a4587ad633
- SHA256: 8fe0f92974260cf06d5c6db3b5e94bba47e267889314360a086fa54812e7864f
- SHA512: e41909b79564bd715656b02ad9c07fe61c6a6c9a4520d3748db2317fc86cba314bd5268fb1bdcf8fad0f56a4efa31a37f814bc5d0fb6ccd0959e2e5a236067e6
- SSDEEP: 49152:PXmM3+IVJiicn3HpKoQyvf7+rEgFhnNVlaTMuIt3jc:cdVjna38Yht3g
Static task
- static1
Behavioral task
- behavioral1
- Sample: 2024-06-01_53b2f792d05e22cea3283bbfaa6bb085_megazord.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: asyncrat
- Version: 2.0.0
- Botnet: Default
- C2: webwhatsapp.cc:65503
- Mutex: ShiningForceRatMutex_cs_cs_cs
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Detects executables attempting to enumerate video devices using WMI
- Detects executables containing the string DcRatBy
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)