Overview

overview

10

Static

static

10

Repo/bin/dll.bat

windows7-x64

7

Repo/bin/dll.bat

windows10-2004-x64

10

Repo/bin/unam.exe

windows7-x64

1

Repo/bin/unam.exe

windows10-2004-x64

1

Silent Cry...er.exe

windows7-x64

1

Silent Cry...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Silent.Crypto.Miner.Builder.rar

  • Size

    81.8MB

  • Sample

    240724-psjn1ayhjb

  • MD5

    933d0f5124ce80145887ac1fa70cce22

  • SHA1

    0d18410b44a306620faa6e80ab2a1f3b454638e8

  • SHA256

    2d892e65432b58585112e78deec5750652a25249dd4f56e0fd6d47fe7804baf1

  • SHA512

    62ce1274e2ff0cf808d291ed8db92c17bcd1b1eb5caac4573a7c9cda1b88fa85958711f3f4a6f3df3092184a049dca0bd7a7d58f536e8772fddfd934ccdb99b6

  • SSDEEP

    1572864:Fd61wTAxnsyiOtrAqunqBZqx6ikncQTw5EH+tjkx6SR0thS3eb7Dt:FFTUnsHOhTPU6iknFOk+tjkx6RthOeXB

Score
10/10
asyncratxmrigunamdefense_evasionexecutionminerrat

Malware Config

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

unam

C2

windowsignn.theworkpc.com:6606

Mutex

AsyncMutex_5552

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Repo/bin/dll.bat

    • Size

      382KB

    • MD5

      8b1f260a182f74419011f14a8ba21a37

    • SHA1

      48d8da3f5971ebd6b358b6b63491b5e68f099a6c

    • SHA256

      478ca90bdf1d94b880dd18c1fd1a5b6124d4e1c4b77c546df88a0aa992aeb225

    • SHA512

      509a8b51cb3922f9be6c94029abbc4611b1ce438262abc9fef414780e97d7542d214ae42866ccaf540b52e6cfef017abfc00c891643b3b81753c9f4115ad64aa

    • SSDEEP

      6144:UJ+xnM15AXYHvdijZhhzPrJaBuLEQ/npzItPvshlqfyef:f8udDJ5hmPvqlRy

    Score
    10/10
    asyncratunamdefense_evasionexecutionrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1behavioral2

    • Target

      Repo/bin/unam.exe

    • Size

      129.3MB

    • MD5

      9b9dbfc1da565ff50d7869c68d12178d

    • SHA1

      e8c7e312d9848f95f17d72f45403ce0159777444

    • SHA256

      17c277605769ede5442963fa5cad409a03c23077c34f9ed6a1f72835154294d3

    • SHA512

      66491d4084594d0e4bbea3ac0224c691f43a023a45313056138d8494aeb80062ffba5f9c213fdc3b1b0ed07f38806d10bd3a39c80b872e45aaa824be7fb72751

    • SSDEEP

      3145728:bajeamjoC0MCr7jkS4aJwVlwV7iGYQ07SLjl:baaamEC0MQkiv7i92

    Score
    1/10
    behavioral3behavioral4

    • Target

      Silent Crypto Miner Builder.exe

    • Size

      139KB

    • MD5

      29d9c4a6c0be4ebb665ca5f423da7bdb

    • SHA1

      d22b7b928436ba4f9d7a3a40a6db20a227b57c2a

    • SHA256

      d833831e38738d03ed6156ec458d3252c379cf7c9c986fcfe8626184d3bceafd

    • SHA512

      114e82df03e624ef350a5c71bd05594f9075afce7a2d978ede81a9cc086a9d87fec7884b5f5e7e1b52b8a24741fdaf453033b486b87d79cc599af37162870d0d

    • SSDEEP

      3072:+zIJ3v9gOYQTTwVGKCXH6ZKjjJHYFc778K3o:zJ3vtYQTT6GKCuOr3

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks