Overview

overview

10

Static

static

7

MedicareSi...rp.dll

windows7-x64

1

MedicareSi...rp.dll

windows10-2004-x64

1

MedicareSi...rt.exe

windows7-x64

7

MedicareSi...rt.exe

windows10-2004-x64

10

MedicareSi...er.dll

windows7-x64

1

MedicareSi...er.dll

windows10-2004-x64

10

MedicareSi...nt.dll

windows7-x64

5

MedicareSi...nt.dll

windows10-2004-x64

5

MedicareSi...nt.dll

windows7-x64

1

MedicareSi...nt.dll

windows10-2004-x64

1

MedicareSi...ct.dll

windows7-x64

3

MedicareSi...ct.dll

windows10-2004-x64

3

MedicareSi...32.dll

windows7-x64

1

MedicareSi...32.dll

windows10-2004-x64

1

MedicareSi...ls.dll

windows7-x64

3

MedicareSi...ls.dll

windows10-2004-x64

3

MedicareSi..._1.dll

windows7-x64

3

MedicareSi..._1.dll

windows10-2004-x64

3

MedicareSi...MD.dll

windows7-x64

3

MedicareSi...MD.dll

windows10-2004-x64

3

MedicareSi...rl.dll

windows7-x64

3

MedicareSi...rl.dll

windows10-2004-x64

3

MedicareSi...in.dll

windows7-x64

3

MedicareSi...in.dll

windows10-2004-x64

3

MedicareSi..._1.dll

windows7-x64

1

MedicareSi..._1.dll

windows10-2004-x64

1

MedicareSi...20.dll

windows7-x64

3

MedicareSi...20.dll

windows10-2004-x64

3

MedicareSign/opus.dll

windows7-x64

1

MedicareSign/opus.dll

windows10-2004-x64

1

MedicareSi...e3.dll

windows7-x64

1

MedicareSi...e3.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb227aa7b0404ccac254372c91ddf2e307526aa82ed9c4ecd3e495c38a6b4552

  • Size

    10.1MB

  • Sample

    240715-ke8czszfpg

  • MD5

    d5f1c6df24f165f9012d1068a693c1be

  • SHA1

    8abd23316ab18861f4817704a5ad9aef3dc87f9d

  • SHA256

    bb227aa7b0404ccac254372c91ddf2e307526aa82ed9c4ecd3e495c38a6b4552

  • SHA512

    82590236958a1d7c6681eeaa2bbb7f8bc3489e6b73bffe472a7dc13aec45d87ee1b992e3154e8d55d1942ffadc5165d6530407b55d76e2331c32a4762b515fdf

  • SSDEEP

    196608:ZeDsDsiGV9/Mk6FpejSJ7ZYM3TTKuln392pzzsnlTob+ykuli:ZeQDS/EcSJb/Kuln3kpknJo7/i

Score
10/10
asyncratdefaultratupx

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.2

Botnet

Default

C2

41.216.183.111:4449

Mutex

kcnzlaqzjkle

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      MedicareSign/AstCrp.dll

    • Size

      171KB

    • MD5

      dbb4bccfe8fee299d555a19865c41921

    • SHA1

      a6c494854ca8bec80c05e259a9d8d9346ec61786

    • SHA256

      45e87d7421b6b65c207e8d564a4e54dcdab7b104b83341f63d348f8894bde992

    • SHA512

      5b5b6091655801c984e87a5de4b8c3771b7ff8a069206662650ba652711db48a4912a613015c2254215ccbd252c475c4a4f00efcb1e0dfb404c6736746a187a4

    • SSDEEP

      3072:SNqEUD0UXALbdEHP5HJ1XDhaWwJ/kYc3e2uYOAg0FujDX8fLa/DNqulyZpx:IUqVy1Xta7tkV2AOHkulU

    Score
    1/10
    behavioral1behavioral2

    • Target

      MedicareSign/MedicareStart.exe

    • Size

      8.6MB

    • MD5

      679368412fd482fe978a21313d2a89c5

    • SHA1

      6267e3e28881a462d91ec8e558d2988ef8030b6b

    • SHA256

      beffe9a402b7721009674866ad773008c90b6af543973abdfb81391af4eb7146

    • SHA512

      2f730f6d77d951ede98653b362f8affa331588bf21a60539a60eee23d912ec5d73ca2a05b69e7e7c047b2c264b8b2c260b4f866515238ffbc2b60a1c11b6270c

    • SSDEEP

      196608:x/lCUxPzli/Aj+D70ajqqRVkmSEg8uW4BLFeQAizx:x/lCU1Q/Aj+D70ajqqRVzS9vW43zx

    Score
    10/10
    upxasyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      MedicareSign/SHFolder.dll

    • Size

      841KB

    • MD5

      8d2c92d7cedd77f3eff8b383d5556f0c

    • SHA1

      dcbead38c732ccfb4593a0a867f19ec9b4a9d2e7

    • SHA256

      8df137226893144ce0b62593bd3c27874958e00cac5640e49d5d7dcfcd09d92c

    • SHA512

      747915cb4c6f4ce8e664600b3c7cd14804c412f08fd28bbe26d31e54553f4f5669312c1267d9e4452b1516805d6716f3d952e58f327f0a07e8b392f047166ca2

    • SSDEEP

      12288:G+ywRzslg0tInWI6wCZj6+AR2a3zCoST0DMakA/4KQd+iEtUz:dNWLjjERHfDDl4KQd+iEtUz

    Score
    10/10
    asyncratdefaultratupx

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

    • Target

      MedicareSign/astclient.dll

    • Size

      675KB

    • MD5

      7bf95a14483346eae890e6f4354c74a8

    • SHA1

      7de11b13cfe609d454bdd1393ed3d79a127c1b7c

    • SHA256

      719f267e41c95e36f99f5da0b9d5d70054d3e9c16e99fb1122948382b976d614

    • SHA512

      ef8b24e6079f05b3f1253e4487e1426639ceb5c1e13ca80046debd224353280e921ea765958f5b3f564983992a294e0242fd7bf4753cce24c51caa86557b51fe

    • SSDEEP

      12288:eVX2O3PmDFam0YxykOeH74CMDEnvpWua1ph0lhSMXlCIVktHFlAP:QGMmbjxyk144vpWukh0lhSMXlaDAP

    Score
    5/10

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      MedicareSign/astprint.dll

    • Size

      14KB

    • MD5

      02f50ce43aa143a0a933036d4897879e

    • SHA1

      0cc00f804fb902f7420fcbe8633a0991c7e1f49c

    • SHA256

      9b1231d03c4cc88cca0dd224cb4059e2cfadeff9a5ef9f082c1da99e4ca95360

    • SHA512

      da7573f2cb76798fc4845284857540cf4093228084f30b9230497268fd6a5e60a9246b63a5915b3dd192e60143e4fc17427d6c316392de1be60071dec57d686f

    • SSDEEP

      192:J8QxCQybcQQybzW6kwCiEHio27aefHix86Tq7Y4odAUhUZQwg2G4lYqufZnIcfx:PVkntCi0GtCxXBhge4GfZIcfx

    Score
    1/10
    behavioral10behavioral9

    • Target

      MedicareSign/astrct.dll

    • Size

      1.7MB

    • MD5

      59b0561cc13e47a3d7be7947e9b8a4cf

    • SHA1

      172663ab62e420cbd46983f5dfacac3b550cdb4f

    • SHA256

      e12baf2c64aed23a6d324fd553d5722e5d5d03d50676a0afe97c4090df3cb7c2

    • SHA512

      35d3a4739176c81c5e339c5b64411cd0cbb24b2343792e2af302a585b984c158140a20050fd8015a4d49c2a69bbd31aad82a4f58e8279611ec262499dab6bd41

    • SSDEEP

      49152:NSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwwwwwwwwwwww1:NSSSSSSSSSSSSSSSSSSSSSSSSSSSSSST

    Score
    3/10
    behavioral11behavioral12

    • Target

      MedicareSign/aw_sas32.dll

    • Size

      17KB

    • MD5

      acf7048e2347cfd66cd17648dbfbaf45

    • SHA1

      df5a12e399176771dc8cf2f7d0cf5548e41e2bb3

    • SHA256

      f1cffbc2ada8491755c76360aad14314deb576aa65f503e52fa24dee7d33d8e7

    • SHA512

      51a53cb700fbb7abf3bda3101ed0885572460c1686d07c3d2125c8aa6f0834e30528bee78cc40ee9270714a16ac769d16f5a916f37f0e48bbf7121202e58e0c0

    • SSDEEP

      384:ZPkFNiOMTd1th9gQIim+4vBDVU376TFNiWC:iNhMpXgIr4vBBYANi1

    Score
    1/10
    behavioral13behavioral14

    • Target

      MedicareSign/hatls.dll

    • Size

      2.1MB

    • MD5

      bccf6a5c2595eea84533692bb788d8bb

    • SHA1

      24318226f145e52b7633a4e9e844d6ead43b75ac

    • SHA256

      abf75de674428e112f90f1c618218ff73ef851f4f09c5f5ba8b69e79a6c74dbf

    • SHA512

      78f24f0812aae31e83340adeb1a1ae8c00edfdf483e299706f863cb713bfdc2501b5418ce8f8bd9131e3c704bffb58a8ca05c5e0a75eb19f15e0409c5b74e35b

    • SSDEEP

      24576:2HGHuX4EewGQcPryfFMoxJ+4PulW/ChEIgTS/zRUm:2HGOX4CGQtMs+WuVge/em

    Score
    3/10
    behavioral15behavioral16

    • Target

      MedicareSign/libcrypto1_1.dll

    • Size

      3.0MB

    • MD5

      df54355a82c6ce8fdfc02e1b227410ab

    • SHA1

      2e9134150f83eda3a55b7dd73d5faf6bfa9de132

    • SHA256

      06d30d8a77bf336c16d50a9c9fbf64dccdda5f4e1f6146f7741cecd5492031d3

    • SHA512

      29b0c47dee5a8397b3e4f4e322fed2be60937817a9bc931ba77885bbc2f196bc492cceed8f6eb2706ff4c69c3fdf0a01d2682e2c5d0ec05af21511f3af5b5aad

    • SSDEEP

      49152:6DDCRZw6OzFGE9DtvleF81Zs1CPwDv3uFfJ9LCA4+LObwSH:6DDMZcGE9DbeF8s1CPwDv3uFfJ

    Score
    3/10
    behavioral17behavioral18

    • Target

      MedicareSign/libcryptoMD.dll

    • Size

      2.0MB

    • MD5

      1afc9bd5e625e85b696141f62fba4325

    • SHA1

      56fb325125f436d7408808446d58af50f8aa3bfc

    • SHA256

      83a1e3cbe242b978b9f55273b7b2648d0492b741ff561c0ec1c6ad9a4aedab47

    • SHA512

      02c2cf9dbc319c2aaf324175cfd3e435824439f33b4ca697324f1b8ff4331d7bde80de46909fc629193ef02deb40853e295b35dc2e3b094d116b5dd783919213

    • SSDEEP

      49152:Vkv4EyvQ/qpyr0kAYdQqqW6qvHewDe01CPwDv3uFR0b5YrpsJ:VkvXyvQ/qpyr0kAd66oewv1CPwDv3uFI

    Score
    3/10
    behavioral19behavioral20

    • Target

      MedicareSign/libcurl.dll

    • Size

      534KB

    • MD5

      13cd45df8aaa584ebd2a40ede76f1e06

    • SHA1

      baa19e6a965621cb315e5f866edc179ef1d6b863

    • SHA256

      3ff4e80e327f298a11e116a517be0963a0b3cd376a6a624caffacd586e6b1449

    • SHA512

      285d7265ac05cecdd43650e5def9198b5f2f4d63665739baa059598e41f4ce892248d3ca7e793ac274dc05b4c19cfa11c17faea62fc1e3495c94a03851049328

    • SSDEEP

      12288:DEnhioDz6zv6pmEmE5A8K8ZOO2rKQrbdCPAEI:Dmbz+vomEBHbZO2YCBI

    Score
    3/10
    behavioral21behavioral22

    • Target

      MedicareSign/libjpegturbowin.dll

    • Size

      696KB

    • MD5

      96d413caaf8c7793a96ef200f6695922

    • SHA1

      abfb19a5bea8724a08a3c709b68c65178e8efbe5

    • SHA256

      5c6e5346c4ef80e1dd211bd5519311aca01025ce1d3811113a03e657938f370d

    • SHA512

      93bf7ac89ae64948c3e91294de89478b0f92d9cefb71c803abb324e181d783801c87dd6d806b0db0d3737b3330e37993ae07b9b7d5aacca9f9f5c3556e23eee4

    • SSDEEP

      12288:RPCS0cSUktNimb/JZqNFcbJ3bZJNlvI8CjBMUC6eVc4/SK:RPCS0c1ktNimbqYZJNlvVc4L

    Score
    3/10
    behavioral23behavioral24

    • Target

      MedicareSign/libssl1_1.dll

    • Size

      925KB

    • MD5

      cbefd9f5e05bbf57aed04b098e6f499f

    • SHA1

      cbac40bfc062e7aa2befcb91687930bab9c4d241

    • SHA256

      e07a95378815fbfc3b2ed21bcae5ba43106a4929273f9bbcc26eff437a3c9ab8

    • SHA512

      3d0c320683e90f66a9b76613cfc84af87422fb5eee2375e918c63642b7e72faa70a6383b6e43e565d6bbeec4c8060062000bd40321165fc4b5ede8b213bda049

    • SSDEEP

      12288:Kzp78vLlddaH+DZA3IYPdpbIMpNL+tJ2m1j0vcY6hb1DG15opdQw1EuDGKXR0DU9:NDHd4hp5p3ohDG15OWk12U2lvzIn

    Score
    1/10
    behavioral25behavioral26

    • Target

      MedicareSign/msvcr120.dll

    • Size

      948KB

    • MD5

      034ccadc1c073e4216e9466b720f9849

    • SHA1

      f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

    • SHA256

      86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

    • SHA512

      5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

    • SSDEEP

      12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV

    Score
    3/10
    behavioral27behavioral28

    • Target

      MedicareSign/opus.dll

    • Size

      361KB

    • MD5

      82e49683f540f78b2d1759cde594482f

    • SHA1

      352dcbdbbb3c5c927b83389e2ab7f40b66ee716a

    • SHA256

      55d99ecd7f821a4b2fe7e5a0b2cea213dc79004c1dc413bd003f032c61080576

    • SHA512

      f50a3bcd5905103eec344d7daf1c17896df9039d3e8d5e9bbd771f1e235ec6045d626ed838c9bf3a8f7a66aa5f41f0743ea7d9bdef7492da8b36561089e126bf

    • SSDEEP

      6144:wJ9LiOhPhz85popbbFb06wAQAwq961b/v9MkvCq2/JO+UxK6DvX0C7Uxm//f0Ps7:IBi8q5po9JkyICq2/z6DvsyEE5+PgAEX

    Score
    1/10
    behavioral29behavioral30

    • Target

      MedicareSign/sqlite3.dll

    • Size

      815KB

    • MD5

      c7f02a62ec2be3e345917640fd9e7502

    • SHA1

      828f4df3e2ad0c8b04b06cecb0c539391ba09704

    • SHA256

      8e85d370cc83174d34d0d6fd9153c37bb184dc9347e5a3bbfc692f9ded7be520

    • SHA512

      d3c33df3e7e06bd2beb638a4e17703498cb49da0ce958beaf268784d802bf6069eac236deb0049b6d5b5b1ba252d15a3a0a4e8585730dc69c4604a88f9d38f8a

    • SSDEEP

      24576:mhQAw5IR0EsV+8OCL3b1dpU1VLVrl4RXpUEYIum:m/F0EsNOCL3bL61VLVrl4f

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

upx
Score
7/10

behavioral4

asyncratdefaultratupx
Score
10/10

behavioral5

Score
1/10

behavioral6

asyncratdefaultratupx
Score
10/10

behavioral7

Score
5/10

behavioral8

Score
5/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
3/10