General

  • Target

    7da1a8556a3397000f93d1b8f9c7d6c0N.exe

  • Size

    267KB

  • Sample

    240803-ldfr1sygqj

  • MD5

    7da1a8556a3397000f93d1b8f9c7d6c0

  • SHA1

    641db6af1d33af15baa681a510b668e0f15e1274

  • SHA256

    10b15742922ef94b94c2b9dfe38253b6baea2cc7f24e21e324c05bd9bf0c8f53

  • SHA512

    27ef144e69fa4b34a5a70bbc58f9366d37eb78ba63ddb48849ba575d9514bb5fcc31b8fdfc97431b4aba36f5491c6c36225b7ab395baf0aa95e47e21a7c7b097

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sM:WFzDqa86hV6uRRqX1evPlwAEM

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
