General

  • Target

    Quarantined Messages (1).zip

  • Size

    644KB

  • Sample

    240726-qp4enszhjm

  • MD5

    264a47dd7ef0c91fc72d036d4f29852c

  • SHA1

    4e889a2642e4aa21ba5e0c732f1a41dae8e1a257

  • SHA256

    20ef76c154dc7e7ebb7a1dc49590fab234f0f082133ed085bd834f89bd16c66b

  • SHA512

    cd56f2e64589197a26a30862f7cc94ae00cecaf122348864b31299710ecd902266183af1db7618b64fe3711a73861594f4e3394d4dd9754763dc9dfb5f91495f

  • SSDEEP

    12288:KX9OaxSIF8UI8DzWS6HAu+VRCrGSiPnL5q+9UGVFFMq8oogM1e14CEVAsGd:reIKbCrGSiPnQOFFMqZMUKCEfGd

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

GB

C2

141.95.84.40:3080

Mutex

XXXXXX

Attributes

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      '

    • Size

      927KB

    • MD5

      1acefd52b10b834de4e770df29a8e8b9

    • SHA1

      adace06de40d3a81e92e5e5368d0a6854d785115

    • SHA256

      acaa5403a8c73414495693520d7e94c423abc4ae4237eddad8cb0886e6b23724

    • SHA512

      f8206d24e3f370caefe81cea4212581afe33af8867f2647754b5a67b5f69dc472bb4c892d6b048b72685844b8b4865b1f118ceffebb4571146547997d3f9731a

    • SSDEEP

      12288:ltgnPhEgPMI+c45linVLYeXP54o3Mn53XBVF+2O/6yCbfLVZIfTbowek5+n5A7y7:EP6gPvh45liV0ey6MnFXk2O/wfIrbGKe

    Score

    1/10

    • Target

      Mia_Malkova_Photos.vbs

    • Size

      4.0MB

    • MD5

      83959ea07eae4d7f08fb11862ed707cb

    • SHA1

      80f40a35bde7a1500476bb17401948f4f811c7b0

    • SHA256

      20f8f27cdfbd0a0346a2e43348b3ae626d3aa4712ab559dce8286b74a58ddeb8

    • SHA512

      16faa156267bd072d9c889c951a109c827cc61d01b5962a74c912a8a63d5582802a6d1cb78875294ee3cb1fe361cfc41545837c22a4f76765f74e9b609942d05

    • SSDEEP

      12288:X999t9t9t9t9t99999999999t99t99999999tttt9tt9t9t99t99tt9t9t9ttttE:EGg

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks