General

  • Target

    a3436e7f17a93b12a60029992f728720N.exe

  • Size

    267KB

  • Sample

    240807-lwyqjszeph

  • MD5

    a3436e7f17a93b12a60029992f728720

  • SHA1

    52f184dcf5d04e7c7b5d9bab7ce1a90aab626d3b

  • SHA256

    e51eb91ddc758c9b2d1abef31a298307a462ab48d3a2d6bae58190c53085ba84

  • SHA512

    97950ace681672548c2cc410729d282c1b6ab2e2aa39f74dbfab62c723aab3dd7ad3baa11099b094e2b61d020554fcc710c1bbbb3de7c35fc75d359b3c4b9f4c

  • SSDEEP

    3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/B:WFzDqa86hV6uRRqX1evPlwAJ

Targets

    • AsyncRat

      AsyncRAT is a tool written in C# that is designed to remotely monitor and control other computers.

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
