General

  • Target

    Bulk_Image_Downloader_6.44_Multilingual.rar

  • Size

    35.6MB

  • Sample

    240606-zkhf3sch57

  • MD5

    325017683d9fe79828ef93756b8c6c7c

  • SHA1

    9d11e7ed224ee432cb8c0b5c637667e9ace652b4

  • SHA256

    11dc74ed41dbd32fe634c02ac738b9c6e833f676f1a0ca0ce9dcbb2ab890c0df

  • SHA512

    f02f39340a31b950afdfb900eaa80eeed078c33357423fe02dcecec45b4a73b5f0ffc9f2a33d97fe0454f929eca37cbc220f84554f49bd1d935c7c1707d09eda

  • SSDEEP

    786432:F12OtyK52oy609iL/qIQOAoXthmoBMySQvUJC7zv:5y423V9a/QOAoXt4oBMySQCu

Malware Config

Extracted

  • Family

    asyncrat

  • Version

    0.5.8

  • Botnet

    Default

  • C2

    95.211.208.153:6606
    95.211.208.153:7707
    95.211.208.153:8808
    5512.sytes.net:6606
    5512.sytes.net:7707
    5512.sytes.net:8808

  • Mutex

    Llg9a02PERRO

  • Attributes

    • delay

      3

    • install

      false

    • install_folder

      %AppData%

  • aes.plain

Targets

    • Target

      BID5X6XGH12/BID5X6XGH_Installer.exe

    • Size

      2.7MB

    • MD5

      f5ed1b1a569014eb6b0da47e1379eb2f

    • SHA1

      e90f60c3e1f9a5c711e4e6c4188dcbe29350c107

    • SHA256

      37b04e66faca5ebc848aee8492dfa93073536117e24fd5f369ad8c7db2142cb2

    • SHA512

      b0f385e62778df712e85d0ae6dea60d25cbec61f6b209aa0c9216b04f3a742e8d145e87639b54ee479a23eb42c20c7e2152e43c269a379b574f61a77f576906a

    • SSDEEP

      49152:TjylcjtT2DYLpWIyR0ksibaOHKUBsYl1lFIDV/TqznPd9bzFOl3JOEfE0FZ855zx:T2lc5isLHefLzKUmOFIczPnFOfjMM85L

    • AsyncRat

      AsyncRAT, a remote access trojan written in C#, is designed to remotely monitor and control other computers.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      Bulk Image Downloader 6.44 Multilingual/bid_6_43_setup_x64.exe

    • Size

      20.2MB

    • MD5

      d99edd4a4335470c5eb7a8d909ee969e

    • SHA1

      5bec74040dedf52d6cd4c98a42c5f250e7ef2b57

    • SHA256

      a62a6f67f0607fdd5d0d757cb0ea06ff917cb337aaf70caef36c51fa1293e87b

    • SHA512

      26a0befa2c20836dc8077c426c62489adb0cd3769654c5c5f5ce6ae7a72754550bbe8290d3ab064471bb9d3979c17c77ff61639d7ffa2e6727dd0fef897b2b9e

    • SSDEEP

      393216:stJ92cUWtFt4mRzpjEQZRjZNORt5Y0vVlG4BQhHRsaefvXL+DO+o94g:w6cUWHfjEQ3O75TVdweHX9D

    Score
    7/10
    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                               Count  ID
Execution             Command and Scripting Interpreter       1      T1059
                      PowerShell                              1      T1059.001
Persistence           Boot or Logon Autostart Execution       1      T1547
                      Registry Run Keys / Startup Folder      1      T1547.001
Privilege Escalation  Boot or Logon Autostart Execution       1      T1547
                      Registry Run Keys / Startup Folder      1      T1547.001
Defense Evasion       Modify Registry                         2      T1112
Discovery             System Information Discovery            5      T1082
                      Query Registry                          4      T1012

Tasks