aa609bbd63bb47b79a2e624a908a32032b5b227611cded8a697ee20b07ea9e08 | Triage

Sharing

General

Target

Asuna Lite.rar
Size

1.3MB
Sample

240727-mzpsgsycrc
MD5

09b685b846114ba7b5d30cc42b402e3e
SHA1

d20d7a7fd0a5dacdcf565342af7d3553acb2d9be
SHA256

aa609bbd63bb47b79a2e624a908a32032b5b227611cded8a697ee20b07ea9e08
SHA512

415ced784aa7d0c94860b468885dfbae8b2644073bee3fd499f19fb5dd1695cf905ab007f09520f0dcdcbfb055ef6c031ea3fb613de56fc021d17b634f8b10b7
SSDEEP

24576:oJ2GCHq6VZ0vuALSG6zEi3XfV2Xtc0cGX0i3xLgRKxVylfd2AB9/jI1Z3jo7/:7fGRifVWeSEihk4/AX9sa

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Asuna Lite/Asuna.dll
- Size
  
  636KB
- MD5
  
  d908d86fc1c698e68a8d048f8c4ec80e
- SHA1
  
  e63592ebe54bc04ae7409623bbb385dbe4a85fb5
- SHA256
  
  cab614003e66def1ccb21ad41d66172c1da900b7e10b0d15816f1d51861f13cd
- SHA512
  
  f58974014e4ea9b044b9bd653bca3330ae5f77209c93f84797b7f8919a2cfe739368acf4067e3b6c72198676311b75dd32be0d878ea48f10885141b5c208022e
- SSDEEP
  
  12288:ESgAPdZrsAMDxz4yhbRrRpIReNzIIvyYp8DKbIoSV9SZynnloO:H4A84y/Rw2zII9so29znnt
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Asuna Lite/Asuna.exe
- Size
  
  363KB
- MD5
  
  14eded1661b6adcfa19d9cd43b7a8148
- SHA1
  
  ee970fac39ed665195fc89fba0114c2dfb663c11
- SHA256
  
  6e9c819d4327b2319a9a336acc4f5b7c53e0b284ea66d28534a485a8d038dc94
- SHA512
  
  8c6d356e9ecacc7c5b9d2e79b80a5924f0cd790132734af52f2d4a1da3dffaac1a924c4b19fb7b1bfe7618828b4f24f912431c9c74baf15281daf44271febb74
- SSDEEP
  
  6144:xAi4pxpRkyHRZa0Gl278IVNcIcW+EbIo98QG9SZyMMyzmBlpkvOD:x4RlGI78IVlbIoSV9SZynnloO
Score

7^/10

execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Asuna Lite/SharpCompress.dll
- Size
  
  580KB
- MD5
  
  30b5c4d9a654dd291b7ea435211f60c5
- SHA1
  
  374071d9c244eccd998eeb8aa4eb5969043f8a3d
- SHA256
  
  0a5a8c3607938a65873251693cd752b05f6f34370ad2fe82f1210e4d925b1675
- SHA512
  
  8952cc715e79a36948584084a51fe3d297d03c4d801daeb2af10fc1cdae67fd07401315fac7da591394a1448f7d5d847e424d89c20bdd4d7cc2ec7c31bcff73a
- SSDEEP
  
  6144:hSojDxWjfP9lU3AS2agAuStn7+ixIaJPXbEm4XjgRx8c9Xrfkfam5swjCu1MDvM:hSos7w3DpgAYVaJA8R+k9YsOlU
Score

1^/10
behavioral5 behavioral6
- Target
  
  Asuna Lite/ZstdSharp.dll
- Size
  
  401KB
- MD5
  
  09f6ded9375793bfd5a931faf164762a
- SHA1
  
  413a1538da849ff4f5037582c4828b6bd444544c
- SHA256
  
  abb3a24a17a41e5a7b7f6a7784e55ffad17ba1ccc5f18f3369ead1f126c4e120
- SHA512
  
  2d80e2ff6ff70f6e49d29d5f422f09148002e0a084c9248d3e3a628b9180792442c9f85c9a8fb7c996f520a1a653bd4710d8b0ab09a6c0816e0c6401892547c7
- SSDEEP
  
  6144:VTwjPLjGfYUfNYbwnTIDifsJIoTgIxLDqMP545CCEnipnV:VTo3YYgpnTtUJm5CC
Score

1^/10
behavioral7 behavioral8
- Target
  
  Asuna Lite/bin/API.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10