11438a5e03ababdc7aa308a1c82fb1685c58bb0d4b0a7e3b0a2af7a3c28b62f4

Sharing

Copy URL

Twitter E-mail

General

Target

gasai.rar
Size

131.2MB
Sample

240824-2qyflatfka
MD5

2e7a8f36236fd45417b2213d0768fa43
SHA1

61ff5dc5ad0981857f5f212fe93742aef33960ae
SHA256

11438a5e03ababdc7aa308a1c82fb1685c58bb0d4b0a7e3b0a2af7a3c28b62f4
SHA512

38254324ef2a2ae591eb8c7618517dc824bc3cde4a709da8a798ab75ddcf711a35bdc85624d47ac693bb3da14193f2ca461163c1b38fa0c4c3a6aa41f68dc9f1
SSDEEP

3145728:Q8s3kUCgZPG1eftBScfPn6MnvvxjgV6QfETIUjlTH7Shb:Q8s3kBkOIfZnjvxUV6QQIUxSh

Score

9^/10

Malware Config

Targets

- Target
  
  gasai.rar
- Size
  
  131.2MB
- MD5
  
  2e7a8f36236fd45417b2213d0768fa43
- SHA1
  
  61ff5dc5ad0981857f5f212fe93742aef33960ae
- SHA256
  
  11438a5e03ababdc7aa308a1c82fb1685c58bb0d4b0a7e3b0a2af7a3c28b62f4
- SHA512
  
  38254324ef2a2ae591eb8c7618517dc824bc3cde4a709da8a798ab75ddcf711a35bdc85624d47ac693bb3da14193f2ca461163c1b38fa0c4c3a6aa41f68dc9f1
- SSDEEP
  
  3145728:Q8s3kUCgZPG1eftBScfPn6MnvvxjgV6QfETIUjlTH7Shb:Q8s3kBkOIfZnjvxUV6QQIUxSh
Score

3^/10
behavioral1
- Target
  
  gasai/Gasai.exe
- Size
  
  101.8MB
- MD5
  
  be4c06fafcf75bea728c6fc5c9a8bd8d
- SHA1
  
  c610f057ed82a128d0360d10160bcefe40e05ad4
- SHA256
  
  efbce42a1ef148232051b6396f21f308b2fb14e5332dbf0599393187a548abd8
- SHA512
  
  d126dadb5f67d4d04691d20ae2d22c30b8f39004ff18805d0336109adcbc4d882db4250df484fe404a69c29b4bf8e623414997d79885b8c70395714fa9b7d0c2
- SSDEEP
  
  3145728:bWpiySwgYRaISeDB1jdvHqpN/SC++VN/SLqrn0/fu/f:bWoySwx2s1jVKSCcqV
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2
- Target
  
  Gasai.pyc
- Size
  
  1.2MB
- MD5
  
  3342f7d8b8e1fab88c5bf9e9458c79c6
- SHA1
  
  a7870442e581dd5f646170275067aa1f202233ba
- SHA256
  
  2d4d9c0c2e4df64e89146b8f55f71089503f169a857f75cd9f358959157352bd
- SHA512
  
  0b927a0db9af578b56df24b9692299a7d894d904adf1406f0dd3ff6e2c3853c405cba8c5da5cf33f6094d0cdc8e2e81b4789f809659ab0db45f102406be1bd85
- SSDEEP
  
  24576:mSrh7pGIEckPfMzQX6b8rL7nPb24J+gerw2hPWFyBnQv6w:mINy6QXGCfT2w+R9Vw
Score

3^/10
behavioral3
- Target
  
  gasai/config.json
- Size
  
  3KB
- MD5
  
  349ce03145466f17e08d6eec3e6c99fb
- SHA1
  
  3cdc0e3fef8cf6a0f3f3cfb2d369c12bc385d7c3
- SHA256
  
  1ac31ae8414115cde4b7dffb33cb3abe029e60ea61ce7fed27a445b0b27396b6
- SHA512
  
  2423ca5fe8086b40b6303c58dabe6f90583f71938a054eb135a8079b7f801fddb6bfd623b7fb4e30653859423f93e9678e2cd93c99720aa902216f7e4cc87c99
Score

3^/10
behavioral4
- Target
  
  gasai/crack.dll
- Size
  
  2.9MB
- MD5
  
  e42615c8afc31caeddcc6080933fe10e
- SHA1
  
  30f545b60fe0eec20f00304c16cfdfd8860513f9
- SHA256
  
  37d493e23a12be12f02d3663348b1992d31f4a717637324922b1bab082ab7935
- SHA512
  
  62d0eea5c31cf83e8b6e14a51405161d88ad9b514485b33bf31863c15318b5fb18383eb1812ea13b117254fff245e5d034d4943822367ab25fd84219f6298de4
- SSDEEP
  
  49152:Vv58YPYu3ui4i8lHWXXh7R+2IeVYP8w4U5nVkHNgQOmC6yxI9BNVEpcBpa6YM:JPPnei4i8lMXh7RQeSkW5VCgEC6W0Bzm
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral5
- Target
  
  gasai/device_whitelist.json
- Size
  
  297B
- MD5
  
  c54c7ad1ff9e01b3011672bd327d88ca
- SHA1
  
  d3dda77b36a4ef3251a7578a55cec467151fbde5
- SHA256
  
  4ea30da453720dbbd5a68562719740787bf6320551f91fd259473fe32cdbb629
- SHA512
  
  c683eafa93648b66a743e10bb35e5f8985d8968594abf6a32dec5a4e749f3f7346e1da390bed68768e605a69f8304aa302eb203e595846666adedaaedb05cad5
Score

3^/10
behavioral6
- Target
  
  gasai/launcher.exe
- Size
  
  4.9MB
- MD5
  
  05bc8e2e0473d2bcb2d959d5ecde2d37
- SHA1
  
  555f073467bbc064db4049d3ea6be5221d601d72
- SHA256
  
  1e13949291b38b35ff7ae80f701ca50753e47472c3667470a82a5206ad6d9801
- SHA512
  
  645297f215c4734acbb8d580f9be220cd42a8a7d9bcf3f08b149cbd1e4f867c06252f44915317052ee66599de7401def0f8477eae40973e680c247bc4293c88e
- SSDEEP
  
  98304:YKRGpvYMi4MIMPgQesZCWV9yfmYGefQBZaLHNjj5YdRBuwo:YIiv9iqMPzyHGef0SB5Y1
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7
- Target
  
  gasai/login.txt
- Size
  
  3B
- MD5
  
  942de0c38fd2dcf2f145e4bc2a3a8c80
- SHA1
  
  44a0128ec1f8da59e1b98867ed8d677c43caedc1
- SHA256
  
  628751dea425570696e9f2a5ef8c10a4bb4fdbc63a3b03a54723821534835d56
- SHA512
  
  18476d1e6d122536ca78e4f0254f78db5732c99c97379bce7bd1760851bd26be2c3a5ea8417d801564b01781b67cc1f3ccca6a0b7240564dc756e2cdda8e3037
Score

1^/10
behavioral8
- Target
  
  gasai/misc/Direct Message with robio.xyz#0.html
- Size
  
  1.7MB
- MD5
  
  7c4f125fba0056a9e5e06c53599b6b24
- SHA1
  
  9ff65b98525045cecb116cdb1d7edf059c011b86
- SHA256
  
  1e2bcb3c455446f11ed62698062c220dd8c2f8ab78b48663242143aab815d1d4
- SHA512
  
  35545099c3a61b0c43e502fe5071ab8d3e6a40fde0aa7ec24033d3509f1753e98517d2c855efd809635566af5b354ac5ce2897fc6bba2b22d629e7b75b0e2b1c
- SSDEEP
  
  1536:ZotC3h7zcWjVumi7Z+L6AgxpM77Gn5CfHiBEpykdGx8Q9MIbU1xg2PTmFOd0bQ8F:ZlR62p+
Score

1^/10
behavioral9
- Target
  
  gasai/misc/Geolilte.mmdb
- Size
  
  59.4MB
- MD5
  
  254c9b3ba048a2bdd0944397b96fb212
- SHA1
  
  ad29f9c51fe8c851e36c264cabcd38483481eb62
- SHA256
  
  f163a2f9e374b0562d118d7765f0545aedf28591420197bbbf1354a183b78da8
- SHA512
  
  45b0313ed786a90997a39e6d172e9234630ae9acd55663d14eb7c4c123d1f58885124a667bbd02dd023aac7ed34d3ec0c719689dc7b28bbeca4f68fafff6561d
- SSDEEP
  
  786432:fggNlnQjvEhnHxoRENfQplsxdQ68/px5KvN/:qvExR/pQ/IdQ6cn4
Score

3^/10
behavioral10
- Target
  
  gasai/misc/bans.txt
- Size
  
  2KB
- MD5
  
  6d23e0ef50905f84661460c70ed4c63c
- SHA1
  
  cdf2a550e5c6be04d51dd8fbc8aa9ad9cfc74c8d
- SHA256
  
  ca092c4d1475acbeea8d3a55800b7e4d48d6bd39a53f3e835e18aeff553c2ce5
- SHA512
  
  d1c88fbbf83a3359d6ba865bd55b646ee2872046ca971207169946fc338940be274167871a7c3a4e3870dee048c891f62fdca8a9397411f45f7ce51e6abfe72d
Score

1^/10
behavioral11
- Target
  
  gasai/misc/debug_log.txt
- Size
  
  14KB
- MD5
  
  0915fb3b9e85abd7dd7cbe4bf7945b7c
- SHA1
  
  42fcee1d2d2849b4919b8b57440ff4a8c4469712
- SHA256
  
  6f7a16b5a1915aff2c268b9a137730fea14d7fc1945baecdf452049b31ef01c4
- SHA512
  
  f76ae206575343e809d1945adfe7cebc0308fe82a4d45e1d34273bf23033b6e39f9b85a0f2e5d331d93255571f737d28f16e50ea47e013d8078aac0908f5bf30
- SSDEEP
  
  96:f5DXx3MELd0upbXMl9aXbPWRE6XMjrtrUHA:bTAIaIpZ
Score

1^/10
behavioral12
- Target
  
  gasai/misc/friends.txt
- Size
  
  7KB
- MD5
  
  abb4bc5c925997be0907654c92bd5411
- SHA1
  
  26f4bad89a361a4b93f442a970c17892d86215be
- SHA256
  
  99712b4de4d46d1c97bebbd0dd0ea75d3fa6835c30719ba940ead4ed9fadbede
- SHA512
  
  170cc5e6e79486a1fdc4be47608fd632300351cb881adf163a957a99a864a27d438e8041c071d918af70daa27032082500af1f98a8b130653b6239e8829d8a89
- SSDEEP
  
  192:3xCpTBFK7CdYyJXdCHRFADKpWkdTirem2N+zZANI9mfh:3i14nfHfADK4+2n2gzl9mfh
Score

1^/10
behavioral13
- Target
  
  gasai/misc/gasaiselfbot.png
- Size
  
  84KB
- MD5
  
  88339b86ee22b37beaa7f77c48f50148
- SHA1
  
  95d3f67398e82e63096278bd897b8c03780eff8a
- SHA256
  
  6890da40de615c3b0cec429a24bff9f155021eacfbe0f27568f4542612a0aced
- SHA512
  
  8ef26f55ba9464b3b4278a9d539e186ab452e9f528b22a8801cf96d620c47b3debd4157552b6776e0457cbbe19a39732d676e9a2a648a55098e604fe98e0d18a
- SSDEEP
  
  1536:j333333333333338333333333Q/MZ1ANfqBdCSkwIthdEzQE0nb6zES5ra39fwGc:V/smcCljeQN3vqbR
Score

3^/10
behavioral14
- Target
  
  gasai/misc/img.jpg
- Size
  
  34KB
- MD5
  
  9bb352a6ddb0b626cf75476753d3d3e7
- SHA1
  
  9d8b9e3b2d271c439de996abeaa969670958e11d
- SHA256
  
  aed845da1d8e644283158e161521e697032d852fc4fdee0a34d596319eb87a7d
- SHA512
  
  c3941116e4df960421d5d1b4e19bee03cfb8ac1c859baaa8170aee4a90cb60e168d1ddc381413ebeea0f85f1b3933800a7e4be78c96621817aa20ae37e196758
- SSDEEP
  
  768:eFqRPdLn1Q/udXdettGCIG275RymVcLRxu:cqRxnq/uXIttGG29RLVcLa
Score

3^/10
behavioral15
- Target
  
  gasai/misc/mention_delete_log.txt
- Size
  
  271B
- MD5
  
  cd409a6ee7d6ee06588716235e49d732
- SHA1
  
  5bbcbd88913eec174d171a2062427a431c30592d
- SHA256
  
  6777a68c71257a4dfe3987dc894eebbbbe981ffe1f72870834808780bfea1578
- SHA512
  
  f63e46a9a23b3e6e602cf8fd87f01bd1e6d44360547b480647f925c086acff230aa148d75d4f0fb46dd4f03f1692ccff061a841afc28728c6534e272844008be
Score

1^/10
behavioral16
- Target
  
  gasai/misc/selfbot_detection_log.txt
- Size
  
  14KB
- MD5
  
  6d4e73e064153091f7aca8b8bc247e92
- SHA1
  
  036628462020c8cfe89c23d505bb2de18c545766
- SHA256
  
  b812ffa33014e48d744b6bbd4d47fb6b924548d570062413519c1aadfd7ddc65
- SHA512
  
  aa6bad75320e5d13a5f0432d3d9d1539193ab81f25397baf5f3144136f115de4aae65e8a63b24003c7e0c7b1b7d9794d08c6a9f8909401aa6df69e19002adf22
- SSDEEP
  
  384:ZsBtMRdmtMRdwtMRdKtMRdmtMRdmtMRd7tMRdmtMRdmtMRdmtMRdmtMRdmtMRdlH:ut2mt2wt2Kt2mt2mt27t2mt2mt2mt2m6
Score

1^/10
behavioral17
- Target
  
  gasai/misc/spoofed_profiles.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral18
- Target
  
  gasai/misc/tags.json
- Size
  
  2B
- MD5
  
  99914b932bd37a50b983c5e7c90ae93b
- SHA1
  
  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
- SHA256
  
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- SHA512
  
  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score

3^/10
behavioral19
- Target
  
  gasai/misc/yuno.ico
- Size
  
  264KB
- MD5
  
  e33046748c14f65aaa92dfa101311d02
- SHA1
  
  cbafcd2eab15fccb39dbb717fd08f8eb87b06443
- SHA256
  
  43af2e901593a4bc218cf56b8d0e23a8e2f63195987824874cf180369bf50de6
- SHA512
  
  279b14f881a6b120471f47b58e04c351e5c1313e4fb9515a156f6ff89d6ca7cdf5e1d66a3fe1ec7da4398f19ac7242bf431f8e15e7934fee30b1a12c11bbc235
- SSDEEP
  
  6144:FHOdOf2+cHqwh/rLyaBfhZ+mkM2tWJcr3CCpkjfTyNZQCbH:0dqD2TyNZt
Score

3^/10
behavioral20
- Target
  
  gasai/notifications.json
- Size
  
  452B
- MD5
  
  c0293d6d34c901fd94233598a49a6e88
- SHA1
  
  93e0f3bc1e5b02910369c513563f584a0cf75417
- SHA256
  
  27dbb979baa1c94b09c276e454405d43e3b8a5427a740d991b29e3bc50800176
- SHA512
  
  c60ec6c44c1932e6978cf64e17769cc9e553a1600ed0ec40c89eed9f0db60902bde17af0995e632e9ca8620b6d9e3b2f308aa9cb8ac5136aee3cf78f136b1d35
Score

3^/10
behavioral21
- Target
  
  gasai/overseer/aliases.json
- Size
  
  6B
- MD5
  
  16450068a58d20d2057e0ecfcefc55dd
- SHA1
  
  11ae40f7cd1a922c6e3f529b803e43bd74bcf676
- SHA256
  
  c6f8281620c2b87cf6a94f523311eae977e420ef9a6cda8667f61be906ceca90
- SHA512
  
  49b12b23511a09a05c97c2afbd415340fe78909f86ab33e481be512262f225be49e5473fb6bd2b904e0e46958f9f28351c933f8aaab51b319ae143287b3c7a9d
Score

3^/10
behavioral22
- Target
  
  gasai/overseer/giveaways.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral23
- Target
  
  gasai/overseer/mimic_data.json
- Size
  
  38B
- MD5
  
  8dc6e297cde152951c9fa5782d2430f7
- SHA1
  
  662b1e259b4245667c9e76268b8004d3820c395f
- SHA256
  
  12153d83f42f8ef99c5bdec3ee78962f434c35ed9931e07d3ffabff09e9df8a8
- SHA512
  
  ef973738b1b81e8a806736394cecf2da6a159f07536441a53a998880d65b3132b7e66d17615cd9e7596c6dec5bcd56f62e7a8eb6cb4f4366f370290bceb0aaab
Score

3^/10
behavioral24
- Target
  
  gasai/overseer/server_blacklist.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral25
- Target
  
  gasai/overseer/servers.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral26
- Target
  
  gasai/overseer/ssh.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral27
- Target
  
  gasai/overseer/users.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral28
- Target
  
  gasai/overseer/watching.json
- Size
  
  6B
- MD5
  
  81c4b355911c21cac4599b0908838c4b
- SHA1
  
  dc9f0133b9773cf81564cfab510bfc53584d2e4f
- SHA256
  
  b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
- SHA512
  
  fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score

3^/10
behavioral29
- Target
  
  gasai/overseer/webhooks.json
- Size
  
  40B
- MD5
  
  c3d6c394dd814acf9de251941a48881c
- SHA1
  
  4e252b888fdf97f157c22650066a9bed7dd2e7c8
- SHA256
  
  81688a21a446eea4527371e60ff6378cbdfccfc42e87fadfa0a0c68f94be6d3e
- SHA512
  
  19f4c87b25c40b9849ed05b60a68f9c33ca6fbf98be23d863ad2f0d362cc78b0c25e935430c7198738dad68a5208895e666ccea959f1e4f42a181ced9fc453fc
Score

3^/10
behavioral30
- Target
  
  gasai/themes/default_theme.json
- Size
  
  674B
- MD5
  
  3eeb7d0c4d8423cba9de47348ec35ddd
- SHA1
  
  087a8f4854479b1cb6d1073b1af7ec0235f564eb
- SHA256
  
  0f96f48a31fdefc312144b521b6c48aaf61a414c78cf224da67f25d981b00fb6
- SHA512
  
  bf5643d717ebbf1ffb49ca222a4a8b17fe44751897747a5f91c3ae95f2adaaf21572ee066183f9d195b8946329f45437eb8c8a54a3bfd84dd517593b362331fc
Score

3^/10
behavioral31

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31