General

  • Target

    df122e354805f285fd22e12b164a4da0N.exe

  • Size

    266KB

  • Sample

    240715-p818zssdnn

  • MD5

    df122e354805f285fd22e12b164a4da0

  • SHA1

    ee3d63367b20698b0aff5c51abacf67c9cc6b2f8

  • SHA256

    8a3690702482665cca5b9dfe9ad57fb5809942007425cd1b1e0cd8edf977f225

  • SHA512

    a403ef15dc400097373755738a8ed2d9f3971b5babfebadf0dd6c4055a3b943f1b769f0f2e7c324c42606b3236d3d668f0facc6f894ba888940310f1305d9b87

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sr:WFzDqa86hV6uRRqX1evPlwAEr

Targets

    • AsyncRat

      AsyncRAT is a tool written in C#, designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
