General

  • Target

    9c3a18893011d2c2e93adafd939aee10N.exe

  • Size

    266KB

  • Sample

    240719-qfmqkawekg

  • MD5

    9c3a18893011d2c2e93adafd939aee10

  • SHA1

    e7bf93ad09ce896198da7ab09cfe95ffcb9ab39b

  • SHA256

    9416e6132dd92b6959f70663005eef176bd91d6ece074459f76c14f8fe23fcbf

  • SHA512

    9e2cbc5a2467b8279eab6ed845b772ef4102d6cfcf03c9c99707b2a0db70f1d402ea4a6f9a4a402c50d23d8adc8b878ffa83ed10f547119f3ff8259b89d2d9af

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8f:WFzDqa86hV6uRRqX1evPlwAE6

Targets

    • Target

      9c3a18893011d2c2e93adafd939aee10N.exe

    • AsyncRAT

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
