Extracted

Extracted

• • Target

    2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber

  • Size

    8.1MB

  • MD5

    b07903a55bdb2c7ed7895fdeba690458

  • SHA1

    00eb5c9e340664df33ea9369179de712bc5d0773

  • SHA256

    205f00610ab36450d86ad8ebfe7a0f0af7aa757803503ea4de1f82c78e6dedd3

  • SHA512

    cb5df616f85177175e4543b7cda2010275c935f527cfb17c3a384884e6de4dd00a8f676c8e437c9a303573c08419f2f5c8fc30058493ba49abecfd65cae81bef

  • SSDEEP

    196608:B9ofsgFUjh5JMULHIEEUgILxbhVebH0h9HU5NHZlcP/VMfif:B9ofsuUjh5JMULHIEEUgILxbhVebH07H

  Score

  10^/10

  discoveryexecutionasyncratquasarxmrig4drundefaultevasionminerpersistenceratspywaretrojanupx

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Async RAT payload

    rat

  • XMRig Miner payload

    miner

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Command and Scripting Interpreter: PowerShell

    Powershell Invoke Web Request.

    execution

  • Creates new service(s)

    persistenceexecution

  • Downloads MZ/PE file

  • Stops running service(s)

    evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  behavioral1behavioral2